piattj



website security

...

I'm reviewing the passwords I use for a range of online activities (banking, ebay, Amazon etc etc) looking to make sure I haven't done anything stoopid (easy these days given the number of different logins we use regularly & (perhaps more troubling) not-so-regularly...).

I'm looking to use a password manager (KeePass, LastPass etc) and so I sit down with SWMNBO to review the need for using such a tool... How many logins do we struggle to remember the password? Do we need to dig out the password hints locked in the safe frequently? Have we re-used a password thus creating unnecessary insecurity etc etc?

I say to SWMNBO "You use QVC quite a bit. Do you have a good strong password on that account?"

"Well", she says, "You only need to give your email address and a 4-DIGIT PIN" Shocked Shocked

A f***ing 4-DIGIT PIN?????

Am I missing something here? I know that QVC will/should hold this info in an encrypted form but, bl**dy hell, a 4 digit PIN is no security at all surely? And once in, you can do anything... change the delivery address, change the email address, order goods for delivery and notification to the above altered addresses etc etc...

I emailed QVC but no reply yet.

Someone point out that I'm missing something here? It's not as if you need some other form of authentication. Without being corrected, I'm frankly amazed... Shocked

Interested in others' feelings / response...

Ta!

... ...

Be true to yourself. That way happiness lies...

Post #183620 11th May 2013 12:14 pm
taztastic

No offence, but most who shop on QVC won't be capable of much more than a simple 4 digit pin Laughing Same with Amazon: once you're logged in on a PC it stores your card details and it is unbelievably easy to order stuff without any form of check, as Mrs T keeps finding out when she doesn't log out Laughing

One idea for a password is to create a word using letters and numbers then add the site to the end with a hash # between the words, it creates a relatively strong password and differs for each site but is easy to remember.

For example use Pa55w0rd as your base word, so for QVC it would become Pa55w0rd#QVC

Post #183629 11th May 2013 1:28 pm
piattj

...

I'm familiar with password strength and any site where personal data / financial info is accessible should only be navigated via a secure site, with sufficiently strong authentication. I'm just amazed that QVC use just a 4 digit PIN.

Confused ...


Post #183631 11th May 2013 1:54 pm
jon_a5

This http://xkcd.com/936/ is my preferred method of passwords now.

Once had a friend who smugly told me how secure he was, he used a 32 character random password for each site / application and stored them on his dropbox account using his phone to access. Was all going very well until he lost his phone and couldn't remember his password to his dropbox account!

Jon Freelander 2, 2014 Dynamic SD4 Santorini Black

Post #183773 12th May 2013 6:07 pm
taztastic

piattj wrote:
...

I'm familiar with password strength and any site where personal data / financial info is accessible should only be navigated via a secure site, with sufficiently strong authentication. I'm just amazed that QVC use just a 4 digit PIN.

Confused


How many attempts will QVC allow? There are 10,000 possibilities....

Post #183775 12th May 2013 6:21 pm
piattj

taztastic wrote:
piattj wrote:
...

I'm familiar with password strength and any site where personal data / financial info is accessible should only be navigated via a secure site, with sufficiently strong authentication. I'm just amazed that QVC use just a 4 digit PIN.

Confused


How many attempts will QVC allow? There are 10,000 possibilities....


Dunno... but if (eg, as is often reported) someone was able to filch QVC's customer database, they'd have plenty of opportunity to launch a password attack and get all customers' pathetic 4-digit PINs.

As you say 10,000 possibilities is f**k all really.

I await a response from QVC regarding their security arrangements...


Post #183779 12th May 2013 6:43 pm
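
Added example, not written by any poster in this thread: a short Python sketch that puts numbers on the two points raised above, the attempt limit that bounds online guessing and the stolen-database case where no attempt limit applies. The 2048-word list, the 94-symbol alphabet, the 3-attempt lockout and the 600,000-iteration PBKDF2 cost are assumptions chosen for illustration; nothing here reflects how QVC actually stores or checks PINs.

```python
import hashlib
import math
import os
import time

# Search-space sizes for schemes mentioned in the thread (sizes are assumptions).
KEYSPACES = {
    "4-digit PIN": 10 ** 4,          # the 10,000 figure quoted in the thread
    "xkcd 936, 4 words": 2048 ** 4,  # assumes a 2048-word list, words picked at random
    "32 random chars": 94 ** 32,     # assumes 94 printable ASCII symbols
}

def entropy_bits(keyspace):
    """Bits of entropy of a secret chosen uniformly from `keyspace` values."""
    return math.log2(keyspace)

def online_guess_probability(keyspace, attempts_allowed):
    """Chance that distinct guesses hit a uniformly chosen secret before lockout."""
    return min(attempts_allowed, keyspace) / keyspace

def seconds_per_hash(iterations=600_000):
    """Time one salted PBKDF2-HMAC-SHA256 computation on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"0000", salt, iterations)
    return time.perf_counter() - start

def offline_worst_case_seconds(keyspace, per_hash):
    """Time to hash every candidate once a leaked record removes the attempt limit."""
    return keyspace * per_hash

def report(attempts_allowed=3):
    """One row per scheme: (name, bits, online success chance, offline worst case in s)."""
    per_hash = seconds_per_hash()
    rows = []
    for name, space in KEYSPACES.items():
        rows.append((name,
                     round(entropy_bits(space), 1),
                     online_guess_probability(space, attempts_allowed),
                     offline_worst_case_seconds(space, per_hash)))
    return rows

if __name__ == "__main__":
    for name, bits, p_online, offline in report():
        print(f"{name:20} {bits:6.1f} bits  online p={p_online:.2e}  "
              f"offline worst case={offline:.3g} s")
```

With an attempt limit in place the PIN's online exposure is small per account, but the offline column shows that a slow, salted hash alone cannot protect a 10,000-value secret once the stored records leak.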
taztastic

It is poor. Do your cards have an extra step to protect them when used online? Mine do, but not by default, which is a little bizarre.

Post #183784 12th May 2013 7:17 pm
piattj

If I use my card, some sites ask for Verified by Visa. I don't use QVC but I don't think that site asks for that extra security. ...


Post #183785 12th May 2013 7:39 pm