Data breaches (names, payroll details, bank details, etc.) are reported in the press almost every week, as are fraudulent bank transfers. It happens so often that there is certainly a degree of fatigue and a “so what can we do about it?” numbness.
We take the view that it may be our data that is distributed far and wide with a resultant negative impact on our bank account. We treat your data as if it were our own.
If someone tries to log into an account more than a few times we assume the worst: it is a bad guy trying to steal your details. We block them immediately. Even the re-set password process is blocked. Re-enabling that profile requires the user to prove to you that they are who they say they are.
When a user has tried too many times, the message they get changes, but it does not indicate what is wrong.
Suggesting what is wrong would be the equivalent of saying that the front door is locked, but if you go round the side of the building you will find an unlocked floor-level window that you can climb in through.
Instead, the user is asked to contact you.
How to re-set blocked accounts.
When a user contacts you, log in.
You can then go to the web user information page.
Use this to re-enable their account and then get them to go through the re-set password procedure.
It is a little more arduous than re-setting your Twitbook account, but how many times do we hear that somebody’s Twitbook account has been hacked? You have a much smaller user base than Twitbook and (hopefully) Twitbook just has nice pictures and not bank details.
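A minimal Python sketch of the lockout behaviour described above, added here as an illustration and not the product's own code. The threshold of 3, the message texts and every class and method name are assumptions; the page only says "more than a few times".

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumption: the page does not give the exact number
MSG_FAILED = "Login failed."
MSG_BLOCKED = "Login failed. Please contact your administrator."  # no reason given


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGate:
    def __init__(self):
        self.creds = {}       # user -> (salt, password hash)
        self.failures = {}    # submitted name -> consecutive failures
        self.blocked = set()  # names only an administrator can re-enable
        self.audit = []       # (event, name) records for the administrator

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.creds[user] = (salt, _hash(password, salt))

    def login(self, user, password):
        if user in self.blocked:
            # Checked before the password, so a correct guess is not confirmed.
            self.audit.append(("attempt_while_blocked", user))
            return False, MSG_BLOCKED
        salt, stored = self.creds.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(_hash(password, salt), stored):
            self.failures.pop(user, None)
            return True, "Welcome."
        # Unknown names are counted too, so the message change leaks no valid names.
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.blocked.add(user)
            self.audit.append(("blocked", user))
            return False, MSG_BLOCKED
        return False, MSG_FAILED

    def request_password_reset(self, user):  # refused while the name is blocked
        if user in self.blocked:
            return False, MSG_BLOCKED
        return True, "If the account exists, reset instructions were sent."

    def admin_reenable(self, user):
        # Called only after the administrator has verified the user's identity.
        self.blocked.discard(user)
        self.failures.pop(user, None)
        self.audit.append(("reenabled", user))
```

After `admin_reenable`, the user goes through `request_password_reset` as in the procedure above; the `audit` list is what the administrator would review before re-enabling.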