Shopping websites suddenly don't recognise my password any more

[Jumblygirl]

Can any kind person shed any light on why this would happen please?

Its' not happening with the major websites; on Mmsnet and Amazon for example, everything works fine.

But I tried to sign in to three fairly small websites today (all of which I have used before and all of which have my details stored) and when it comes to the bit where I type in my e-mail address and password, a message pops up saying "password not valid" or "password not recognised"

It's the same password I've used forever so I don't understand it.

It happened on three fairly small sites which I last used without problems in July/August - so I don't think it is a coincidence.

And yes, I have definitely used the correct password.

Does anyone have any thoughts please?

Could someone have guesses your password and "taken" your account?

Most sites offer the chance to email you your password or to issue a new one. Try doing that and once you're in change your password to something else.

Thank you BadgersPaw

I don't think anyone could have taken my password (private computer at home) but I will ask dh if he knows how that could happen (I'm useless at this).

I have tried opening a totally new account but because it's the same e-mail address, which the shops recognise, they won't let me; ie a message pops up "your e-mail address is already registered with us" or words to that effect.

I wonder sometimes if online shops realise quite how difficult it is on occasion to spend money with them!

Normally there is an option somewhere to get them to email a "password reminder".

They don't have to get at your computer to "take" your account, all they have to do is guess your password.

Find a way to get the password for your current account (look for that link about "forgotten your password" or something similar), get into your account and then change the password.

Do you have caps or num lock on by mistake?

Thanks very much: all your replies are very helpful.

CruelandUnusualP, thank you, I have tried those options and that's the second complication because, for some unknown reason, those e-mails aren't reaching me (and I have checked the junk box as well as the in-box)so curiouser and curiouser ...

Yikes BadgersP that's rather worrying. Thank you. I'll change my passwords more regularly in future. There definitely seems to be something strange going on!

DollyTwat that sounds like something I would do! Thanks! Will check it out.

Thanks for your help everyone. It's not the worst thing that can happen by any means - just one of those niggling things that Mumsnet is fantastic at helping to sort out!

Something to consider (just to stop the simplest 'dictionary attack' - taking all the words from a dictionary and adding sports teams, and other 'popular' names from music, retail, etc) is to have a combination of numbers and letters, and include both capitals and lower case, plus punctuation (if allowed).

One of my (old) passwords was Dogs-2003! (yes, including the "!") though I don't even like dogs myself, and own a cat! I try to ensure each website has a different password, and certainly doesn't match any password used for accessing e-mail or bank accounts (many different e-mail accounts, not so for banks!)

Thanks for the wise tips NetworkGuy

I realise now I should be taking this a whole lot more seriously ...

How do you remember your codes if you don't mind me asking? For example, if you store them in a word document, aren't they equally liable to be stolen?

"How do you remember your codes if you don't mind me asking? For example, if you store them in a word document, aren't they equally liable to be stolen?"

A word document on your own PC is only going to be stolen if either your machine is physically stolen from you or someone hacks into your PC. Both very serious and hopefully fairly unlikely.

Where as anyone can try and have a guess at your password. They don't need anything from you at all.

So having the passwords taken from a word document on your machine is far less likely than someone just guessing a log in.

However even then I would never keep my bank passwords written down anywhere as they are the most important and valuable thing.

I also wouldn't keep the password for anywhere that has my credit/debit card details stored.

So for those you do just have to remember.

For the others I often tend to group things together. So I use the same password for a number of "minor" forums where the worst someone could do would be to pretend to be me on a place like this. That makes it easy for me to get into places like this but with a fairly minimal risk. My email and bank passwords are all separate and all unique.

Thank you for that very helpful explanation BadgersPaw.

Believe it or not, I once completely forgot a bank pin number that I had been using for 12 years more or less every other day, and had to go to the bank and change all my cards! So I am going to have to write the codes down somewhere (bird brain emoticon).

The reason I asked about the safety of word documents is I seem to recall having a virus in a work computer years ago that sent random bits of word documents out to various people in my e-mail address book (and rather embarrassing it was too).

It's reassuring to know that a word doc is reasonably safe though.

I really appreciate the advice. I am going to give all my systems an overhaul now I know about the vulnerability of passwords. So it turns out this has all been a bit of a blessing in disguise.

I use 1Password - it's an application that stores all your passwords in an encrypted file, then there's a one button browser plugin that can autofill the password field when you need it.

Then you just need to remember your one password to rule them all

1Password

"It's reassuring to know that a word doc is reasonably safe though."

Well as you say you can get viruses/trojans that will send out to people documents from your machine. But if you've got into that much of a mess then you could also have key loggers that will watch what you type which will get any password from you.

So yes a Word Document is reasonably secure, but once your computer is compromised by a virus nothing is secure so I wouldn't hold any bank details or the loging for any site that has my credit/debit card numbers stored in there.

That wasn't in my home computer thank heavens BadgersP. We have so many firewalls on this one, I almost can't access my files myself!! (Which incidentally is why I've been quite surprised by this recent series of events.)

The thought of key loggers strikes fear in to my very soul.

Don't worry, I'll follow your advice about bank codes. Thank you again.

And thanks for that terrific link RubberDuck. Sounds like a very smart solution!

Chrome, Firefox and Opera can save the passwords for you. Chrome and Firefox can display them (if you needed to check some months later) while Opera, MS Internet Explorer and Safari don't show them to you, but may show the site and username (I don't use them all, all the time). Safari may not show the passwords, but the Apple system can show saved passwords (ie Safari on an Apple isn't the software saving the username + password information, but the OS Keychain facility.

For forums and limited importance websites I let Firefox keep track (and every 3-4 months I save screen dump images of the list of website + username + password screens - on this PC the screen shows 45 lines and there are about 10 screens of entries, so there are over 400 passwords stored). Like BadgersPaw, I don't store passwords to PayPal, bank or e-mail accounts in Firefox, but in my head.

I'm fairly good with long phone numbers, but I think it was Einstein who said to only keep important info in your head, and commit the rest to paper, so having a list on paper (perhaps hidden in a book) is better than trying to keep track of dozens of different account passwords, and I would find it difficult to remember 400, as most of my passwords include dates (or at least a year) and I have been using global networks for 20+ years now.

I do still use some strings of numbers from when I was at College in the mid-70s (prime numbers of at least 5 digits, so some are easy to determine, but still 'random' enough for few people to guess!)

Back then the password was only numeric on the computer we were using, but now I add non-digits of course.

Hmmm, just started hunting for the CTL "Mod 1" computer (I was using it for FORTRAN and COBOL) and found lots of other places had them, too... Though there's something with a similar name in a US Navy gun control system!

Again, thank you very much for all the expert tips and info NetworkGuy.

Your knowledge of the subject exceeds mine x 50000!! Will look in to the Firefox, Opera and Chrome options for storing passwords. Fortunately I have nowhere near 400!!!

I remember reading of a BBC reporter who was conned out of his password by being told there was a "funny video" of him online. So he registered with the site which to all apparent visitors did look like it held video clips, and by the time he had verified his account (using the same mail address and password as he used for his e-mail account, unfortunately), the hackers had started sending e-mail to all his contacts list, had been into other accounts (as the e-mails gave a trail of sites he used) and started changing other passwords, presumably planning to change his e-mail address password and lock him out.

Highly embarrassing and it must have taken some guts to document it (probably while still blushing about his situation) and put his hand up to having been conned, in such a public way, as for it to be a hazard warning on the BBC News website. I really will have to find that article and make a link to it for future use whenever I see someone comment on passwords.

I know it is easy to forget passwords, and some sites force me to change the p/w every 2-3 months which is something I detest.

However, I can recommend using spamgourmet.com so that you can create unique e-mail addresses when you register with a website and not only does it prevent that mail address being used when you login on other sites (since each address is unique) but it can guard against spammers if the website you registered with ever gets hacked, as the mail address has a limit to the number of messages it will accept before 'gobbling' new messages.

You just "whitelist" a valid address for (wanted) messages from the website and those will come through OK, but if the address is sold/hacked for spamming, after just a few messages, spamgourmet will stop forwarding them on to you.

Also, in case you prefer to give a shorter e-mail address, spamgourmet.com also owns other domains, so I often register on 'might be interesting' sites as [something]@dfgh.net (dfgh.net is another domain accepting mail to the spamgourmet.com service).

So lots of websites never store my own domain names, and definitely not my GMail account names, but have to send everything via spamgourmet.com

It means I have hundreds of possible mail addresses, and none 'give away' my actual GMail (and other) mail accounts.

Feel sorry for that BBC reporter! Crikey - that's so scary!

Thanks for the tip about SpamGourmet will check it out.