cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
jacksona
Beginner
436 Views
Message 1 of 11

Locked out of my email - again. This is NOT Security 🤬🤬🤬

Getting increasingly angry with BT, despite having been with them for years.

Got locked out of my account whilst on holiday a couple of weeks ago, out of the blue.  Went through the password reset nonsense, and the intense frustration of the synchronisation lag between bt.com, BT Sport app, IMAP and SMTP servers.  I should point out that my NAS at home also uses my btinternet.com email to send notifications, and didn't get updated whilst I was on holiday, but there's no sensible reason why that should be a problem - it just wouldn't work without the correct credentials.

Fast forward to this morning, when I received the dreaded text, saying that I've been locked out again.  Went through the password reset nonsense (I'll explain why it's nonsense later), although as I did it, it displayed a big red box saying that something had gone wrong!  (come to think of it, it did that while I was on holiday as well).  I then deleted my accounts on iPhone and iPad to re-set them up from scratch (yes, including the SMTP credentials, and yes, using the new password, which does seem to have *mostly* updated).

On MacBook, also changed Outlook password.  I've also now removed anything using my credentials from the NAS - I'll just use push notifications, instead.  So current status:

  • iPad: Apple Mail reads IMAP, but won't send via SMTP.  iOS Outlook sort of works, but VERY slowly, and is not my preferred client.
  • iPhone: Apple Mail wouldn't even set the account up automatically, saying it couldn't connect using SSL, so I set it up manually. Now it reads IMAP, but won't send via SMTP.  iOS Outlook sort of works, but VERY slowly, and is not my preferred client.
  • Macbook: Outlook reads IMAP, but won't send via SMTP, even if I manually enter the credentials (even though it has always been fine with just using the incoming server details).  I'm expecting this to cause another lockout imminently.
  • Webmail: Works fine, but it's hardly a convenient means to send an email when on the move.  Presumably this proves that I'm not an idiot, and do know what my current password is!

I've spoken to the 1st line support guy, who categorically assured me repeatedly that this was definitely someone trying to gain access to my account ("...could ONLY happen if someone went on to bt.com and tried to manually log in, definitely NOT a device..."), and that BT was very serious about Data Protection, so locking my account was the right thing to do.  We've even changed my Security Question and Answer!  Except, even if it WAS someone trying (and failing) to access my account, they didn't manage to get past the existing password, so why would a new password be any different, and I'm just going to get locked out when they try it again, aren't I?

This is a CATASTROPHICALLY stupid way to "protect" my account.  If someone (or, say, my NAS, as I now suspect) can't get in with the currently genuine credentials, then there's no harm done - they won't get in with a new password either, so what's the point?!  If someone goes to bt.com and tries to go through the Forgotten Password process, then BT has my phone number and email address to send me a verification that it was me - if it was, I'll click the link, if it wasn't, then don't change the bloody password!  That's what Yahoo! does.  And Google.  And Apple...

If someone has managed to crack my email password, then good luck to them - they obviously wanted it badly enough to invest in a Supercomputer, because my password is not a word, is 13 characters long, has lower-case, upper-case, symbols and numbers.  It'd take hundreds of years to crack!  It's actually difficult to keep coming up with a new one every time BT's systems have a brain-fart.

NOBODY else does it this way - it's barking mad.  Oh, and "...it can take 6-8 hours for the password change to propagate to the SMTP servers...".  Really?  If true, that's a bit moronic, isn't it?

So, I'm now waiting for a 2nd line tech to call me tomorrow.  In the meantime, I can't send emails.

Oh, and it's great that BT are updating the look and feel of the webmail, but what people REALLY want is Push Email!

</rant>

0 Ratings
Reply
10 REPLIES 10
Community Manager
Community Manager
371 Views
Message 2 of 11

Re: Locked out of my email - again. This is NOT Security 🤬🤬🤬

Good morning Jacksona,

Thanks for the post and welcome to the Community.  I am so sorry to hear of the position you have found yourself in, its sounds like a nightmare so I can completely appreciate your frustration.

I would like to look into this to figure out why your account keeps getting compromised.  To do this I am going to need a few details from you.  I have dropped you  a private message with instruction on how to contact me and what information I will need.

Once I have your details I can do some digging so that we can improve your experience.

Cheers

Sean

0 Ratings
Reply
Distinguished Guru
354 Views
Message 3 of 11

Re: Locked out of my email - again. This is NOT Security 🤬🤬🤬

Hi.

If smtp doesn't work, try port 25 initially - sometimes the ssl port seems to fail on devices sometimes.

Always setup accounts manually, never let any app auto configure.

With regard account lockout, this could be a few reasons - including someone even believing they are entering their own email address in a device (or indeed webmail) and trying a lot of times with their password. Eventually I believe the systems seems that as an attempt to hack the account and causes a lockout. (Of course, it could be someone trying to hack into the account deliberately).

Trying to access the account from a device with incorrect settings (username or password) can cause this too, because the device may be set to auto-check the email every minute or so, hence causing failures in quick succession.

I'm not sure if there is any short lock-out period after, say, 3 failed attempts. This should be the case, so that the "correct" password can be tried 15 minutes/1 hour later without account lock-out.

Sometimes I think the system will auto-unlock after a time, I'm sure I've seen reports saying a day or so - but only after no new failure attempts.

 

0 Ratings
Reply
jacksona
Beginner
343 Views
Message 4 of 11

Re: Locked out of my email - again. This is NOT Security 🤬🤬🤬

Hi Andy,

Thanks for the response, some useful hints there 👍

I've PM'd Sean, as requested, so hopefully he'll be on the case now, but here's my thinking:

After nearly 24 hours, the SMTP servers seemed to catch up, and CURRENTLY it works fine.

However, my issue is two-fold:

1. WHY does it take 24 hours to propagate a changed password to the SMTP farm?

2. Again, the security imposed is CATASTROPHICALLY stupid!  I'm an IT Director, and quite frankly, if my Security Architect came up with a "solution" like this, where a device, or a hacker, fails to break into an account (because the password did exactly what it was supposed to do!), so it then ALSO blocks the legitimate user from using their paid-for service, they'd be out the door that same day.  I'd also be having an apocalyptic rant at the Test Team...

I fail to see what benefit changing the password has.  This is what the process does:

1. They (or it) didn't have the previous password, and obviously couldn't crack it, or they'd be in.

2. The system blocks the account.

3. Now I can't get in either.  So BT forces me to change my password - which was obviously DOING ITS JOB!!!  (Oh, and after putting in the new password twice, bt.com comes up with a big red box, saying something went wrong, so it's easy to assume the password wasn't changed at all!).  

4. Now they STILL can't get in, my password takes 24 hours to get to the SMTP servers, and I can't send emails.

5. 24 hours later, after much frustration (actually wasting a whole day trying to fix it at my end), it all works, but I'm cursing BT.

6. Sometime later the Hacker, or device, tries again, but STILL doesn't know the password.

7. Go to 2. and repeat, ad nauseam.

Hopefully you can see how absolutely brain-damaged this process is.  BT is NOT protecting my security.  BT is stopping me from working.

In fact, I'd go as far as to say that BT is actually COMPROMISING my security, as I have to keep coming up with uncrackable, unique passwords (not a word, more than 12 characters, upper-case, lower-case, letters, numbers, symbols), every time your systems have a completely unnecessary brain fart - so people will end up writing them down!

If someone can't get past a password, there's no harm done.  If a device has the wrong password, it just won't work - again, no harm done.

Frankly, if someone HAS managed to crack my password, then good luck to them - it'll be immediately obvious to me, so I'll deal with it in a completely non-destructive way, rather than the absolute chaos that the process imposes (largely because BT's systems don't seem to talk to each other in real time!).

If someone tries to change the password, using the forgotten password process on bt.com, then surely the obvious thing to do is to text or email me, asking if it was me - if it was, I'll click the link to change my password.  If it wasn't me, I won't, the password will remain SECURE, and I'll keep working!  This works for Yahoo!, Google, and Apple.  Genius.

So, in summary, 48 hours later, it's currently working, but I have no idea how long for, until they stop me working for a day again.  I spoke to 2nd line support yesterday, and asked for this to be escalated.  I'm waiting for her Manager to call me this morning, so I can ask for another escalation.  I have no idea how many times I'm going to have to do this before I manage to speak to someone at a level that can actually stop this insanity.

Adam.

0 Ratings
Reply
Distinguished Sage
Distinguished Sage
314 Views
Message 5 of 11

Re: Locked out of my email - again. This is NOT Security 🤬🤬🤬

I would suggest that you no longer deal with customer services and that you contact the moderator as requested and leave it up to them to resolve the problem.

0 Ratings
Reply
Community Manager
Community Manager
279 Views
Message 6 of 11

Re: Locked out of my email - again. This is NOT Security 🤬🤬🤬

Good morning everyone,

Thank you to @jacksona for highlighting your experience and for the subsequent info you have included via private message.  I am so sorry for the frustration this has caused.

We reviewed this case and identified that the specific pattern of usage, in particular geo location of clients with a given time period caused a false positive detection of compromised account activity. These mechanisms protect many customer accounts successfully on a daily basis, but we’re sorry it caused inconvenience and problems for you @jacksona. We are reviewing the findings with the development team to see what changes need to be made.

Cheers

Sean

0 Ratings
Reply
rosy1066
Newbie
177 Views
Message 7 of 11

Re: Locked out of my email - again. This is NOT Security 🤬🤬🤬

I have been having the same problems.  I am locked out of my email at least once a week at the moment often 2 or even 3 times with the consequent pain of having to reset the password and synchronise various phones and laptops.  The message is always the same suspicious activity identified on email account.  

Please help!!

 

0 Ratings
Reply
Distinguished Guru
151 Views
Message 8 of 11

Re: Locked out of my email - again. This is NOT Security 🤬🤬🤬


@rosy1066wrote:

I have been having the same problems.  I am locked out of my email at least once a week at the moment often 2 or even 3 times with the consequent pain of having to reset the password and synchronise various phones and laptops.  The message is always the same suspicious activity identified on email account.  

Please help!!

 


Hi, welcome to the forums.

Are you using a VPN to access your emails by any chance?

0 Ratings
Reply
rosy1066
Newbie
139 Views
Message 9 of 11

Re: Locked out of my email - again. This is NOT Security 🤬🤬🤬

Hi,

Thanks 😀

Generally yes,  I do use a VPN.  But not when using mail on my Mac as I have had previous problems with messages failing to send etc.

Thanks for your help.

0 Ratings
Reply
Distinguished Guru
115 Views
Message 10 of 11

Re: Locked out of my email - again. This is NOT Security 🤬🤬🤬


@rosy1066wrote:

Hi,

Thanks 😀

Generally yes,  I do use a VPN.  But not when using mail on my Mac as I have had previous problems with messages failing to send etc.

Thanks for your help.


If you were using a VPN to check emails, even simply forgetting to turn it off - then checking a few minutes later, it's possible the "system" could see that as the account being compromised as it was being accessed in essence from various parts of the world in a short space of time.

0 Ratings
Reply