
Comment Re:Seemed pretty obvious this was the case (Score 1) 311

I forgot to also mention two-factor authentication. The downside of all this is if the phone is lost/damaged then you may not be able to access your passwords.

But of course, none of these celebrities have time for this. Technology has enabled them to do things that were competently handled by managers and agents in the past.

Comment Re:Seemed pretty obvious this was the case (Score 1) 311

A strong password CAN be easily remembered. How about remembering 10 and 11?
"Ten!!!!!!!!!!!"
That's 10 and eleven "!" characters.
https://howsecureismypassword....

Length is really the primary consideration and once you get to 10+ characters the repetition isn't necessarily an issue.

But to your point about the cloud, I agree. I truly despise how all the vendors (Google, Apple, Microsoft among others) are driving data to cloud storage. It's so difficult just to save a file to the local device...every other prompt is trying to get you to save to their server farm.

Comment Re:Does this office need Congressional approval? (Score 1) 117

but no one of relevancy is going to throw themselves under the bus to stop a Googler from getting a CTO position during an election cycle that the Republicans hope to win the majority in.

They don't just throw themselves under the bus, they pile up in front of it. It whips the base into a feeding frenzy.

Comment Re:Does this office need Congressional approval? (Score 1) 117

It's cute how you are surprised there are people in the US that would 100% vote against a gay person no matter how qualified they were. Me pointing it out has no bearing on the discussion, because those who are opposed to the "gay lifestyle" are likely already mounting a campaign against her. They didn't need me to make this observation.

Comment Re:Exploited procedural loophole (Score 1) 419

Occasionally the merchant services provider will ask to speak with the customer, and they also will contact the issuing bank. However, the entire call is handled over the initial call that was made to the merchant services provider. Once the merchant services provider speaks with the customer the retail clerk gets the phone back and it is at that point that the merchant services provider gives the clerk an approval code to use.

Note that for American Express and Discover the retail store calls their processing center directly. That's because they handle their approval system and they will frequently speak with the customer to verify security details. But the Amex number for merchants is an entirely different number than the one on the cards themselves, and the retail clerk initiates the call and speaks with the representative.

Comment Re:Exploited procedural loophole (Score 3, Informative) 419

A simple work around is to alter the phone number on the card to a number you control.

Then the retailer could call the number, receive the code from your accomplice and provide a valid false code.

The retailer doesn't call the number on the card, the retailer calls the merchant service center. For example, customer has a Chase Mastercard and when Apple tries to post a transaction the card receives a decline. Apple would never call Chase, but instead calls their provider (which at my store is First Data Merchant Services). Apple's provider in turn electronically contacts Chase and then provides an approval code back to the clerk. The customer (or scammer) never has an opportunity to change the phone number unless they physically get behind the checkout counter and overwrite the numbers that are posted for the retail clerks to use. So it doesn't matter what phone number is on the card, that number is for the customer's use and not for the merchant's use.

Comment Exploited procedural loophole (Score 5, Informative) 419

Based on TFA this scam has been done before to other retailers. When a merchant receives a "decline" they can optionally call the bankcard processor to obtain a verbal authorization code. The merchant can then "force" the sale to go through using the authorization code they received over the phone. The two huge procedural holes that Apple (and the other retailers) left open are:

1: The clerk is the one that should be calling for an approval code, and the call is made not to the cardholder's bank but rather to the bank that processes the cards for the retail store. It doesn't matter what the customer's bank says (or in this case the fake bank) since the approval/authorization code must come from the retailer's bankcard processor.

2: At my store a manager override is required to "force" a bankcard approval. So even if the clerk makes the call and gets a voice approval code a manager/owner must also provide a password to allow the approval to go through. Apparently Apple has no such security check in place and clerks can type a manual code into the POS system to force the sale to go through.

Amazingly simple scam, but also amazingly simple to prevent if the stores involved had even rudimentary procedures in place.
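The two controls described in the comment above, sketched as a check a POS system could run before accepting a forced sale. This is an added example, not part of the original comment and not any vendor's POS code; the `ForcedSale` record, its field names, the phone number and the override secret are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed values for illustration only.
PROCESSOR_VOICE_AUTH_NUMBER = "+1-555-0100"  # number posted behind the counter (made up)
_SALT = b"constructed-demo-salt"
MANAGER_OVERRIDE_HASH = hashlib.pbkdf2_hmac(
    "sha256", b"demo-manager-secret", _SALT, 100_000
)


@dataclass
class ForcedSale:
    call_placed_by: str    # "clerk" or "customer"
    number_dialed: str     # number the approval code was obtained from
    approval_code: str     # code read out over the phone
    manager_password: str  # override entered at the register ("" if none)


def manager_override_ok(password: str) -> bool:
    """Verify the override password against the stored hash in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(candidate, MANAGER_OVERRIDE_HASH)


def check_forced_sale(sale: ForcedSale) -> list[str]:
    """Return the reasons to refuse the force-post; an empty list means allow."""
    reasons = []
    # Control 1: the code must come from a call the clerk made to the
    # store's own processor, never from a call or number the customer supplies.
    if sale.call_placed_by != "clerk":
        reasons.append("call not placed by clerk")
    if sale.number_dialed != PROCESSOR_VOICE_AUTH_NUMBER:
        reasons.append("code not obtained from the store's processor")
    if not sale.approval_code.strip():
        reasons.append("missing approval code")
    # Control 2: a second person (manager/owner) must approve the force-post.
    if not manager_override_ok(sale.manager_password):
        reasons.append("manager override missing or invalid")
    return reasons
```
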
