---

Doug_Pardee wrote:

It seems every day we're hearing about some big Web site or other being hacked, and people's passwords being stolen and posted on the Web. It doesn't have to be B&N that gets hacked — if you use the same password here as at the place that did get hacked, it's probably just a matter of time before someone uses that password to log into your B&N account.

 

It's happening now at Amazon. They're having to shut down people's accounts because no-goodniks are breaking in, apparently with passwords obtained from Sony and other break-ins. This is leading to a mess as Amazon shuts down the account, removing access to all of the e-books purchased on that account, and makes the unfortunate victim create an all-new Amazon account.

 

The "simple" solution is to change one's password. Unfortunately, in order to change our B&N account password we NOOK owners have to unregister our NOOKs and reregister them with the new password. If we do that, we lose all of our shelves, all of our current-page markers, all of our bookmarks, all of our highlights, all of our notes, and we have to redownload our NOOK library one stinkin' NOOKbook at a time. In rare cases, we may lose NOOKbooks that are no longer available. It's extremely painful for a NOOK owner to change his/her BN.com account password.

 

In this era of widespread password compromises all over the Web, we need to be able to change our passwords without totally disrupting our NOOK experience. This really isn't a nicety, it's a necessity. Our B&N accounts aren't just our NOOKbook libraries; they are capable of ordering anything from BN.com, and in order to use our NOOKs we always have to keep a valid credit card on file for the account. Many of us also find we pretty much have to keep a gift card on file, so that the credit card doesn't get hit with multiple transactions because BN.com forces us to buy each NOOKbook one at a time.

 

I realize that fixing this will require firmware updates to all NOOKs, including the 1st Edition. But I repeat: this isn't a nicety, it's a necessity. We need to be able to change our account passwords. Please.

 

---

Why oh Why do people use the same password on more than one Website? That is just plain ignorant.
Sorry I just had to ask.

---

ProfReader wrote:

 

Why oh Why do people use the same password on more than one Website? That is just plain ignorant.

---

Because it's impossible to remember hundreds of different passwords. Every darned web site wants a password. My current list runs well over 200 sites. I've been permanently locked out of my employer's "benefits" web site because I can't remember what the password is and I've made too many failed attempts to log in.

 

The other question is, why does almost every Web site use email/password for identification and authentication? It's the same answer: because users would forget anything else.

 

I can't remember how it works, but there is at least one company that creates unique passwords for you, but you only need to remember one. It somehow then accesses the correct one for whichever site you are one. This involves a lot of trust. And, don't think it would work here, because you have to enter whatever password it created into your nook. Anyway, this needs to change, seriously. It becomes such a high hurdle to dereg and rereg for things that are needed. It's ridiculous to have to do it just because you changed a password. They'd just need a clear password function, which is basically what you do on ps3s and so on, then it could prompt to enter a new one.

---

Doug_Pardee wrote:

---

ProfReader wrote:

 

Why oh Why do people use the same password on more than one Website? That is just plain ignorant.

---

Because it's impossible to remember hundreds of different passwords. Every darned web site wants a password. My current list runs well over 200 sites. I've been permanently locked out of my employer's "benefits" web site because I can't remember what the password is and I've made too many failed attempts to log in.

 

The other question is, why does almost every Web site use email/password for identification and authentication? It's the same answer: because users would forget anything else.

 

---

Add into that some of the virtual keyboards and keypads some sites now use and it gets worse.  The website I use to get my paycheck stub went to a virtual keyboard.  The letters moved around on the keyboard every time you opened the page.  I was forever forgetting my password for that site, I've probably reset it 20 times in the last year.  Fortunately, that's now optional.

 

I try not to use the same password for each site, but, like Doug says, I have 200 plus passwords now, but I do try and mix up both user names (when I can) and passwords. 

I can't remember how it works, but there is at least one company that creates unique passwords for you, but you only need to remember one. It somehow then accesses the correct one for whichever site you are one. This involves a lot of trust. And, don't think it would work here, because you have to enter whatever password it created into your nook. Anyway, this needs to change, seriously. It becomes such a high hurdle to dereg and rereg for things that are needed. It's ridiculous to have to do it just because you changed a password. They'd just need a clear password function, which is basically what you do on ps3s and so on, then it could prompt to enter a new one.

For verification, it could ask you to enter the old one. This is actually how sony reverified ps3 password changes after the hacking incident. The old one didn't work, automatically deleted, and it asked for a new one. But, sony also ties purchases to specific machines as well as users.

It turns out that, at least for my NOOK 1st Edition 3G w/1.7 software, it is not necessary to deregister and reregister if you change your account password. The NOOK will simply ask for the new password when you do a "Check for new B&N content."

 

The manual states that it's necessary to unregister to change the password, but the manual is incorrect. So it's a documentation problem rather than a software problem, at least for that model.

---

Doug_Pardee wrote:

It turns out that, at least for my NOOK 1st Edition 3G w/1.7 software, it is not necessary to deregister and reregister if you change your account password. The NOOK will simply ask for the new password when you do a "Check for new B&N content."

 

The manual states that it's necessary to unregister to change the password, but the manual is incorrect. So it's a documentation problem rather than a software problem, at least for that model.

---

 

That is good to know. I've never tried doing this since I wouldn't want to rereg.

---

Doug_Pardee wrote:

It turns out that, at least for my NOOK 1st Edition 3G w/1.7 software, it is not necessary to deregister and reregister if you change your account password. The NOOK will simply ask for the new password when you do a "Check for new B&N content."

 

The manual states that it's necessary to unregister to change the password, but the manual is incorrect. So it's a documentation problem rather than a software problem, at least for that model.

---

I was just going to post that the only time I've had to unregister an reregister was when I changed my email address.  I've changed my password a few times and haven't had to reregister.

---

ProfReader wrote:

 

---

Why oh Why do people use the same password on more than one Website? That is just plain ignorant.
Sorry I just had to ask.

---

Otherwise some of us would have NO chance of remembering them! 

 

LisaB

---

Doug_Pardee wrote:

---

ProfReader wrote:

 

Why oh Why do people use the same password on more than one Website? That is just plain ignorant.

---

Because it's impossible to remember hundreds of different passwords. Every darned web site wants a password. My current list runs well over 200 sites. I've been permanently locked out of my employer's "benefits" web site because I can't remember what the password is and I've made too many failed attempts to log in.

 

The other question is, why does almost every Web site use email/password for identification and authentication? It's the same answer: because users would forget anything else.

 

---

Doug no intention to insult you, as you are one of the most valuable people on these forums.

 

I have over 250 passwords that i keep in a password manager in my phone and backed up to my computer. This way I don't have to remember them.  

---

Doug_Pardee wrote:

It turns out that, at least for my NOOK 1st Edition 3G w/1.7 software, it is not necessary to deregister and reregister if you change your account password. The NOOK will simply ask for the new password when you do a "Check for new B&N content."

 

The manual states that it's necessary to unregister to change the password, but the manual is incorrect. So it's a documentation problem rather than a software problem, at least for that model.

---

Does anyone know if this works for the N2E?  I was one of those people that had their Sony account hacked, and I would like to change my PW.  I do not, however, want to have to reshelve my 200+ books because I have to de-register. I dont want to change this without knowing before hand...

 

UPDATE: The live tech customer support chat tells me that no, i can't do this.  But as the documentation for n1e said no, i am wondering.  the DRM is attached to my name and CC #, not my password. This should be very doable.  I am agreeing with Doug's OP that this feature is a necessity.

---

astrangerhere wrote:

---

Doug_Pardee wrote:

It turns out that, at least for my NOOK 1st Edition 3G w/1.7 software, it is not necessary to deregister and reregister if you change your account password. The NOOK will simply ask for the new password when you do a "Check for new B&N content."

 

The manual states that it's necessary to unregister to change the password, but the manual is incorrect. So it's a documentation problem rather than a software problem, at least for that model.

---

Does anyone know if this works for the N2E?  I was one of those people that had their Sony account hacked, and I would like to change my PW.  I do not, however, want to have to reshelve my 200+ books because I have to de-register. I dont want to change this without knowing before hand...

 

UPDATE: The live tech customer support chat tells me that no, i can't do this.  But as the documentation for n1e said no, i am wondering.  the DRM is attached to my name and CC #, not my password. This should be very doable.  I am agreeing with Doug's OP that this feature is a necessity.

---

I just changed my password to test it and I had no problem.  My N2E didn't even ask me for the new one and I syned my library and bought an ebook.

 

 

---

Nallia wrote:

I just changed my password to test it and I had no problem.  My N2E didn't even ask me for the new one and I syned my library and bought an ebook.

 

 

---

Any trouble accessing older books or re-downloading older books? The CS rep told me i would have problems "in the future" if i tried this, but i cant figure out what "problems" those would be save for accessing older books for redownload.  Thanks for letting me know either way.

---

astrangerhere wrote:

---

Nallia wrote:

I just changed my password to test it and I had no problem.  My N2E didn't even ask me for the new one and I syned my library and bought an ebook.

 

 

---

Any trouble accessing older books or re-downloading older books? The CS rep told me i would have problems "in the future" if i tried this, but i cant figure out what "problems" those would be save for accessing older books for redownload.  Thanks for letting me know either way.

---

No problems with anything.  All of my books open, everything downloads, I archived and unarchived without issue, and had no trouble purchasing.

 

I'm not worried about some future issues.  If I do start having a problem, I'll just unregister and reregister.  No big deal.  I don't care if I have to download hundreds of books again--I do it when I change my credit card anyway--but I'm a person who will reformat her computer hard drive on a moment's notice without worrying about it.  I do it sometimes just because.  lol

---

Nallia wrote:

---

astrangerhere wrote:

---

Doug_Pardee wrote:

It turns out that, at least for my NOOK 1st Edition 3G w/1.7 software, it is not necessary to deregister and reregister if you change your account password. The NOOK will simply ask for the new password when you do a "Check for new B&N content."

 

The manual states that it's necessary to unregister to change the password, but the manual is incorrect. So it's a documentation problem rather than a software problem, at least for that model.

---

Does anyone know if this works for the N2E?  I was one of those people that had their Sony account hacked, and I would like to change my PW.  I do not, however, want to have to reshelve my 200+ books because I have to de-register. I dont want to change this without knowing before hand...

 

UPDATE: The live tech customer support chat tells me that no, i can't do this.  But as the documentation for n1e said no, i am wondering.  the DRM is attached to my name and CC #, not my password. This should be very doable.  I am agreeing with Doug's OP that this feature is a necessity.

---

I just changed my password to test it and I had no problem.  My N2E didn't even ask me for the new one and I syned my library and bought an ebook.

 

 

---

We had to change my mom's password and I was able to sync the N2E and it downloaded last week's free friday book which she had purchased through the computer last week.  Now I logged into the site on the computer and when I try and sync the Nook or shop it just gets stuck in an endless syncing loop, so I'm wondering if for some reason the N2E is now not recognizing the password or if there's some other issue?  Has anyone else had luck with changing the password on their account and not have to deregister the N2E.  She doesn't have a lot of books so it isn't really a big deal, but I'd rather not if I don't have too.  Maybe I'll just wait until tomorrow to see if it's simply a network problem since I don't understand why it worked 1/2 hour ago and won't work now, since all we did was log into the site for something.

Something seems terribly wrong with B&Ns password handling.  If my password is ever compromised (or I fear it may have been), changing my password is not sufficient to protect me.  Because if someone has already signed into the account on some other device, they will never be challenged for the new password and can continue to use the account forever.

 

I would think that if a password were changed, anyone trying to log into the account (through browser, nook, tablet, etc.), would be asked to enter the new password on the next sync.  They should definitely not be able to make another purchase without the current password!

 

But in the current model, someone could use an account indefinitely.  Changing the password has no affect.

 

Am I missing something?  Does Amazon do the same thing?

---

OldAndSmart wrote:

Something seems terribly wrong with B&Ns password handling.  If my password is ever compromised (or I fear it may have been), changing my password is not sufficient to protect me.  Because if someone has already signed into the account on some other device, they will never be challenged for the new password and can continue to use the account forever.

 

I would think that if a password were changed, anyone trying to log into the account (through browser, nook, tablet, etc.), would be asked to enter the new password on the next sync.  They should definitely not be able to make another purchase without the current password!

 

But in the current model, someone could use an account indefinitely.  Changing the password has no affect.

 

Am I missing something?  Does Amazon do the same thing?

---

I went back, and I'm missing what you are referring to. My understanding, and from what others have posted, is that if you change the password to your account online the next time you go to sync/purchase with the device it will prompt for the new password.

 

Have you experienced something different? If so, how?

 

Also, not clear on how, if your password is compromised, that changing it is not sufficient to protect you in many cases. Through the device (say if lost or stolen) they have no access to your account information (such as default CC or address). Through the online account, they do have access to more information, but not even then to your complete CC#.

 

Obviously, there are some extreme cases where closing the account may be necessary, but they should be few and far between. And before you just do it, I would call B&N, talk to whoever handles their fraud and identity theft issues (not just someone in CS), and see what their recommendations are.

 

A little kindness may grease the wheels and get them to transfer your old account's content to the new account. (Doable, but not policy.)

Ok - here is a scenario.

 

I gave a Nook to a relative as an xmas gift.  When we exchanged gifts I registered the unit to myself and connected it to my account, allowing them to look at some magazines and books I had already purchased.  I told the person to re-register for their account, which I think they did but not 100% sure.

 

So they would not be able to make purchases off of my account, and continue to access all of my content (not to mention know all my reading preferences), I changed my password.  But, if they haven't reregistered their device, the password change would have no affect on their access to my collection or even stop them from making new purchases using my credit card. Nothing I can do short of transferring my books and magazines to a new account, and closing my old account, would stop my relative from accessing my account.

 

Something seems wrong here.

---

OldAndSmart wrote:

 

if they haven't reregistered their device, the password change would have no affect on their access to my collection or even stop them from making new purchases using my credit card.

---

If you failed to set the "password required for purchase" option, I don't see how that's B&N's fault.