Change your old Amazon.com password for better security

Discussion in 'News' started by Fergal1982, Jan 30, 2011.

    Amazon's allegedly got a security flaw where hackers can find your password much easier than they would otherwise, and there's already a fix in place. But get this -- you'll probably need to change your password for the fix to take effect, if you haven't already done so in the last couple of years. According to Reddit users, the Amazon.com login system will actually accept any phrase so long as it begins with your password, such as "password123" when the magic word is simply "password" by itself. That apparently makes it that much easier for a computer to guess your password via brute force methods, no matter how counter-intuitive that seems, so if you simply change it immediately -- and to something other than "password," please -- you'll have much sounder dreams.

    Source: Engadget

    I've tested this myself, and it appears to work as stated!
    1. ericrollo
      I have tried this but it does not work for me.

      Maybe my account is not old enough.
    2. Sparky
      Does not work for me.

      Just .com or is .co.uk playing up as well?
    3. Trogdor
      Thanks for the tip! Password changed. Now no one will know about that Hannah Montana DVD in my basket... Uh, ignore that last sentence please! :oops:
    4. Fergal1982
      Worked on .co.uk for me. According to details from various people on Reddit (the original source of this from Engadget it appears), it only appears to be the case if your password was last changed a certain time ago (although there is no clear indication of the timescale involved). All I know is that it happened for me, and didn't after I changed my p/w.

      According to the notes, when it is happening, it is also ignoring case in passwords.
    5. billyr
      Thanks for the heads up, mine was also affected. Password now changed.
    6. Theprof
      Interesting, although I don't have an amazon account, I have friends that do, I'll let them know. Thanks!
    7. Notes_Bloke
      Just tried logging in to my account and adding extra digits on the end and it let me in :blink:

      Safe to say the password is changed now.

    8. BosonMichael
      I've got a mixed bag (.com):
      I tried logging in with extra characters at the end of the password and was denied access.
      I tried logging in by changing the case of some of the letters in my password and was allowed access.

      Fortunately, I've got a fairly complex password, so I don't think either would be a huge deal breaker for me.
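
The behaviour reported in the quoted article and in the replies above (extra characters after the password accepted, letter case ignored, both gone after a password change) is what a login check produces when it normalises input before hashing. The sketch below is an added example, not part of the thread and not Amazon's code; the 8-character cut-off, the scheme names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

LEGACY_MAX_LEN = 8  # assumption: the thread does not give a truncation length


def _digest(material: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", material.encode("utf-8"), salt, 50_000)


def _legacy(password: str) -> str:
    # Hypothetical legacy normalisation: drop everything past LEGACY_MAX_LEN
    # and fold case, so many distinct inputs map to the same stored value.
    return password[:LEGACY_MAX_LEN].upper()


SCHEMES = {"legacy": _legacy, "strict": lambda p: p}


def enroll(password: str, scheme: str = "strict") -> dict:
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt,
            "digest": _digest(SCHEMES[scheme](password), salt)}


def verify(candidate: str, record: dict) -> bool:
    expected = _digest(SCHEMES[record["scheme"]](candidate), record["salt"])
    return hmac.compare_digest(expected, record["digest"])


def change_password(record: dict, old: str, new: str) -> dict:
    # Old records can only be checked under the scheme they were stored with,
    # so the stricter check takes effect once a new password is enrolled.
    if not verify(old, record):
        raise PermissionError("current password rejected")
    return enroll(new, "strict")


def audit(record: dict, password: str) -> dict:
    # Defender-side self-check: which variants of the real password log in?
    return {"extra_suffix": verify(password + "123", record),
            "case_changed": verify(password.swapcase(), record)}


if __name__ == "__main__":
    old = enroll("password", "legacy")            # constructed sample account
    print(audit(old, "password"))                 # both variants accepted
    new = change_password(old, "password", "Correct-Horse-42")
    print(audit(new, "Correct-Horse-42"))         # both variants rejected
```

A stored record only ever holds the digest of the normalised value, which is why a service in this position cannot tighten the check for existing accounts until each user enrolls a new password.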

