CNET también está disponible en español.

Ir a español

Don't show this again

Internet

Password glitch riles ICQ users

The company's efforts to bolster security for the instant messaging service are drawing complaints from some people who say the measures have locked them out of their accounts.

America Online's efforts to bolster security for its ICQ instant messaging service are drawing complaints from some people who say the measures have locked them out of their accounts.

AOL earlier this year revamped ICQ password verification procedures to stop account hijackings, which have been a persistent problem for the service. ICQ (short for "I seek you") accounts are numbered sequentially, and early accounts with low numbers are valuable targets for malicious hackers.

While AOL said response to the new system has been positive overall, complaints abound from members finding themselves shut out of ICQ.

One ICQ message board is full of complaints from members who say ICQ is shutting them out of their accounts without warning or explanation.

AOL dismissed those complaints, saying that the new password retrieval method is working according to plan.

"We are confident that the new password retrieval system is clearly doing exactly what it is supposed to be doing, which is maintaining the integrity of ICQ accounts and passwords for the legitimate users of these accounts," said AOL spokesman Nicholas Graham.

ICQ has spent the past few years putting out fires on the account-theft front, including an incident this year in which an account was held for ransom.

After studying ICQ account theft for six months, AOL last month implemented a revised password retrieval system that it says will prevent unauthorized ICQ members from taking over other accounts.

"Over the course of the past six to eight months, we have collected numerous emails from ICQ members who have been concerned about the issue of password retrieval," Graham said. "We now have a more convenient, more secure, improved method of password retrieval...that purges accounts of any invalid users and kicks them off the ICQ service."

Under the old method, ICQ members who forgot their passwords would enter their ICQ numbers, and ICQ would send the passwords to their primary email addresses. The trouble was that hackers found ways to alter those primary email addresses, even before stealing the password, and engineered the accounts so that the passwords were sent to them.

With the new system, passwords are sent to the first email address entered into the account. Subsequent email addresses are invalidated, and ICQ members associated with those addresses are blocked from using the service.

ICQ has signed up more than 70 million registered users since its launch. The service, which lets people know when friends and colleagues are available for online chats and enables a kind of electronic conversation, has inspired numerous instant messaging products from competitors including Microsoft and Yahoo.

AOL, whose AOL Instant Messenger counts more than 61 million registered usernames, acquired ICQ in 1998 through its purchase of Mirabilis.