LET ME IN

Dick Pountain /Idealog 320/ 05 Mar 2021 10:07

Last month I confessed to feeling less hostile toward the giant digital corporations than is fashionably required nowadays, and this month I’m heading further still into the wilderness by admitting that I’m not particularly paranoid about online security either. That’s not to say I deny the importance of my dear colleague Davey Wilder’s advice which I do follow, and as a result have only experienced two successful virus attacks in 40 years. 

In the mid-80s I used to visit CeBit with Byte every year, where one drunken evening with members of the Kaos computer club I accepted a floppy disk of source code that blew up the laptop I was using. (Un)fortunately it wasn’t mine but borrowed from a friendly London dealer. Ooops. The second one I caught around 1998 after clicking a photograph on The Register which injected some malign entity that rapidly paralysed my own Thinkpad. Windows backup failed too and the plucky PC Pro lab folk had to dig me out of that one. 

Maybe it was that experience which persuaded me to sell my soul to Google. Since then Gmail’s antivirus abilities have stopped all manner of nasty attachments, and together with regular Windows Defender and Malwarebytes scans kept my laptop clean until I moved to a Chromebook. All fine, until recently Google’s vigilance has turned oppressive: I occasionally get a Critical Security Alert saying someone has just logged in using my password. I have four devices, two connecting via Android, one via Windows and one via ChromeOS and Google appears no longer to realise that they’re all me. I do change my password now and again, just in case it was true, and thrillingly Google refuses to accept my new password the first time I try it and asks for the old one, then accepts it and sends a Critical Alert saying someone has just changed my password. All very exciting, but small beer compared to some of the other sites I use.

I recently had a spat with PayPal when they upgraded me to a paid-for professional account I didn’t want. It was quite a performance trying to sort that one out as it’s virtually impossible to speak to a human and they place ‘limitations’ on your account that stop you changing anything. In the end after sending several emails from the help centre I was permitted to close the account and open a new, none-pro one that I now use satisfactorily.

But that again is a model of efficiency and approachability compared to Patient Access. A subsidiary of EMIS Health, this site provides appointment booking and repeat prescription services to GP practices, including mine. I only use one service, a 3-monthly repeat prescription for blood-pressure medication (not induced by Google or PayPal I hasten to add). This had been working well for over 10 years until last November, when Patient Access announced an extra level of security using a memorable word and hint mechanism. This didn’t bother me as my bank has been using a similar system for years, so I duly set both and forgot about them until last week when my prescription needed renewing.

Logged on with my old ID and password, was asked for three characters from the memorable word, which it said were invalid. Tried several times more, same, told only had three tries left. Decided it must have stored my memorable word wrong, so went to change it. Could only do that after receiving a code sent by SMS to my mobile, but since mobiles had never been involved before they had an old number from a previous phone. You guessed it, to update my mobile number I need to enter the memorable word….

I did eventually reach a human via email (after much digging to find an address) who told me there was nothing they could do except close the account, and I must re-register by visiting my GP surgery (pretty well inaccessible due to Covid). Fortunately I had linked the account to my local pharmacy years ago, which is now permitted to renew the prescription for me, so I’ve just walked away from the wreckage. Being curious though I Googled “Patient Access memorable word problem” and stumbled into a pit of boiling white-hot rage and indignation: hundreds were similarly locked out despite correct log-on details, some needing far more serious meds than me (one of them wondered whether the site had been designed by Dido Harding). 

In last month’s column I suggested that perhaps a good way to tax the digital giants would be by accepting part payment in use of their excellent infrastructures for our public services. Can’t imagine a better example of where Amazon’s seamless purchasing process is sorely needed. 

[Dick Pountain’s blood pressure is 128/76]