Why is being honest such a pain?

[DiapDealer]

Quote:

Mozilla Firefox has a password manager in the web browser

I've learned (the hard way) not rely on password managers. The only way to remember a password is to use a password. When something blows up... you have to go through the hassle of retrieving passwords that the password manager helped you forget.

[J. Strnad]

I only go to Radio Shack as a last ditch anymore. They want your info and push cell phones on you, and usually all I wanted was a damn battery.

I don't mind the zip code thing, though. As noted, it's non-exclusive and I know why they want it.

I'm also tired of sites that want you to register. Often I get to the registration form and just click away...usually not worth it.

[pholy]

Quote:

Originally Posted by kcmay

What drives me crazy most of all is being asked to provide my SSN to doctors' offices. I'm not applying for credit, and they bill my insurance directly. They don't need my SSN.

Interesting point about your Social Security Number... In Canada, the similar Social Insurance Number can, by law, only be used for federal tax and pension purposes. Only banks, which give taxable interest, can ask you for your SIN. Nobody else! Thirty years ago I worked for a company that used your SIN as their employee number - naturally it showed up on lots of open documents; They can't do that anymore, it makes identity theft too easy.

[corona]

Quote:

Originally Posted by Worldwalker

There are plenty of places you can tar with that brush of yours, but smearing it all over a company that doesn't do what you're objecting to is dirty pool.

Oh, ouch. I wasn't launching a specific critique of webscriptions, who anyway are obviously doing good work that other e-retailers won't do.

I looked at their form and said "fuhgedaboudit." Lots of blanks, lots of fields marked with asterisks (which we all by now know means "required"), "your billing address must be the same as your shipping address" (huh?), when I just wanted to give them a little bit of money and get my book.

So, yes, sorry for maligning webscriptions, but they, too, might take a lesson from the fact that customers sometimes just like to walk into the store, buy something, and go home and use it.

[kcmay]

Quote:

Originally Posted by Seanette

Actually, they do, since the insurance company uses that as part of your identifying info when you enroll (I've done health insurance enrollments).

I've never worked in the healthcare field, but I do work for a company whose main product is data matching used extensively in the healthcare industry. If a doctor has my name, DOB, address, phone number, employer name and insurance carrier, group number and insured ID number, they really don't need my SSN to submit a claim. If they do, then the insurance company seriously needs to get a better data-matching algorithm.

[Seanette]

Quote:

Originally Posted by kcmay

I've never worked in the healthcare field, but I do work for a company whose main product is data matching used extensively in the healthcare industry. If a doctor has my name, DOB, address, phone number, employer name and insurance carrier, group number and insured ID number, they really don't need my SSN to submit a claim. If they do, then the insurance company seriously needs to get a better data-matching algorithm.

I don't disagree with you. I was just reporting my own work experience in a relevant area.

[Worldwalker]

Quote:

Originally Posted by corona

I looked at their form and said "fuhgedaboudit." Lots of blanks, lots of fields marked with asterisks (which we all by now know means "required"), "your billing address must be the same as your shipping address" (huh?), when I just wanted to give them a little bit of money and get my book.

Name and address. Password. Yes, the billing address has to be the same (there's a checkbox for it) because they're not physically sending you something, they're emailing it, and their credit card company likes it that way. If you've never dealt with one, let me tell you, retailers are at the mercy of CC clearinghouses. Webscriptions requires pretty much the minimum that their processor allows them to get away with -- what they need to know to run your credit card (or what PayPal requires, as the case may be) and no more.

Quote:

So, yes, sorry for maligning webscriptions, but they, too, might take a lesson from the fact that customers sometimes just like to walk into the store, buy something, and go home and use it.

If you walk into a store and hand someone cash, they've got known-good (usually) cash in hand, everything's cool.

If you walk into a store and hand someone a CC, they can check your ID (though it's disturbing how many don't) and be reasonably certain you're the proper owner of that card.

If you buy something online, the retailer doesn't know if you're who you say you are, or some dude from Nigeria who stole a CC number from a victim of his advance-fee scam. They can't see you. They can't look at your ID, or even at your card. So the credit card company wants a name, address, and phone number, which gives them at least some hope that you're you and not me.

Buying something with a credit card from someone who you're invisible to is never going to be the same as handing someone some legal tender face-to-face. It's a different sort of transaction, and if you ever have a credit card stolen, you'll be thankful that it is. If you don't want an online retailer and their credit card clearinghouse knowing your billing information, you're going to have to stick with handing people legal tender.

[Format C:]

Quote:

Originally Posted by DiapDealer

I've learned (the hard way) not rely on password managers. The only way to remember a password is to use a password. When something blows up... you have to go through the hassle of retrieving passwords that the password manager helped you forget.

Quick and dirty trick:
One password to be remebered for everything, and a different password for each site.

It's not a contradiction, just a two step process.

1. Choose your strong password, the one you'll remeber, like F0rm47_C_c0l0n
2. Enclose it in a phrase with a reference to the site, like type_F0rm47_C_c0l0n_to_enter_Mobileread

You'll end up with a very strong and long password, easy to remember.

[bgalbrecht]

Quote:

Originally Posted by RDaneel54

I know what you mean. There are a lot of retailers that ask for my phone number or zip code. I used to give it out, then I thought, why? So now I say "no" with a smile.

I wonder if most people think they have to give the information to buy items.

When a retailer asks me for a phone number, especially when I'm paying cash, I always give a phone number of area code, 555 and some random 4 digit number. Unless it's changed recently, 555 numbers are always unassigned, and/or go to directory assistance.

In defense of Webscriptions and other ebook retailers, the request for you to create an account is a reasonable request. Webscriptions, and just about every other ebook retailer allows you to re-download your purchases at a later date, and in Webscriptions' case, allows you to re-download your purchases in other ebook formats if you so desire. I don't think your analogy of a car parts online retailer isn't such a good fit, ebook retailers are more like an online library, and your account id (or email) is your library card.

[Jadon]

Quote:

Originally Posted by Format C:

1. Choose your strong password, the one you'll remeber, like F0rm47_C_c0l0n
2. Enclose it in a phrase with a reference to the site, like type_F0rm47_C_c0l0n_to_enter_Mobileread

If the phrase isn't identical between sites (excepting site name), it's difficult to remember; if it is the same, it's just an extension of the base password. Also, while strong-password recommendations advise using more than just letters and numbers, you can't always count on sites to accept other characters in passwords.

[MikeFromHC]

Quote:

Originally Posted by toddos

Nothing wrong with store loyalty cards, if you do it right. I've got cards at QFC, Safeway, and Albertsons, and none of them have my proper information. Of course, I don't remember what phone # I gave so if I lose the card I can't get discounts, but if that ever happened I'd just fill out an app for a new card with a new fake name, address, and phone #.

The cards raise the prices in the stores, just as green stamps did in the past.
The people who get hit the hardest are those that refuse the cards, but the cardholders pays more for an item *with* the card, then they did before the cards were put into place.

costs

Even if they don't have proper information the purchases can be traced back to you and there is concern that those records could be obtained in law suits against the holder.

I don't shop at such stores unless I can't find the item anywhere else. The last time this happened was at a Safeway and what I wanted was a dollar over the suggested list price.

Using fake ID would, in a case like this, be considered fraud.

CASPIAN

[Format C:]

Quote:

Originally Posted by Jadon

If the phrase isn't identical between sites (excepting site name), it's difficult to remember; if it is the same, it's just an extension of the base password. Also, while strong-password recommendations advise using more than just letters and numbers, you can't always count on sites to accept other characters in passwords.

Extending the base password is a protection from brute force attacks, not from social engineering.
It takes billions of years to a present day computer to break it, and maybe a couple of ours to a smart girl to get it from you...

[Worldwalker]

There are people who write their strong passwords on stickynotes and attach them under their keyboards or, worse yet, on the sides of their monitors. People, in one case I knew personally, in the accounting departments of very large corporations. Protecting yourself from a dictionary attack doesn't do a whole lot of good if any random person can just walk up to your desk and read your password.

[DuncanWatson]

Quote:

Originally Posted by Worldwalker

There are people who write their strong passwords on stickynotes and attach them under their keyboards or, worse yet, on the sides of their monitors. People, in one case I knew personally, in the accounting departments of very large corporations. Protecting yourself from a dictionary attack doesn't do a whole lot of good if any random person can just walk up to your desk and read your password.

That problem relates to IT departments mandating 90 day changes of passwords with no repeats for the last 10 passwords and a mandate of 90% change for the new password as compared to the last 10 used. As well as mixed numbers, letters and punctuation.

Shockingly such draconian user-unfriendly policies result in rampant security violations as users put passwords on sticky notes, in their wallets, on their pda/phones etc. Sure some people (this is especially bad in accounting and financial departments) will put passwords on sticky notes attached to their monitor no matter what you do. But by making it so unfriendly many more users are forced to take such action just to be able to do their job. Not everyone can create passwords that fit IT criteria of a good password and commit them to memory every 3 months. Especially without reuse. If you really need such security use an skey token with generated passwords every 30 seconds or so. (something you have + something you know security).

[Bilbo1967]

User-unfriendly is right. I have one particular password at work that I have to change on a monthly basis.

Every month I enter a new password as prompted and get the message "Password does not conform to the template - please create another". Not a word of advice about what the template might be

I've spoken to our support people, apparently, they don't know what the template is either, it's automated!