Author Topic: Your Origin Password has been reset?  (Read 77 times)

Snique

  • Cupcakes Member
  • Hero Member
  • *
  • Posts: 1714
Your Origin Password has been reset?
« on: February 22, 2017, 09:10:11 AM »
Anyone else get an unsolicited email from Origin/EA informing you that they've reset your password? I do have an EA/Origin account that I had to create for Mass Effect 2 and haven't used since. So that makes sense.

Two things make me suspicious. One is that the text form of the reset link they sent uses HTTP not HTTPS. I would think that ought to be standard on any password form.

Two is that the email says "Emails we send associated with the security of your account will not use clickable links. Instead, we encourage you to type the URL manually into a browser..." (yeah, right, who's going to type all that token gobbledygook manually and without error?) ANYway, that text appears _right below_ a clickable link. The text form of the shows "http://www.origin.com/us/account/reset-password" but the underlying URL is for click.e.ea.com with a giant encoded token after it.

Color me suspicious.

Edalia

  • Red Velvet
  • Cupcakes Admin
  • Hero Member
  • *****
  • Posts: 4088
Re: Your Origin Password has been reset?
« Reply #1 on: February 22, 2017, 10:19:58 AM »
It's good to be suspicious. I had an issue where one of my two EA/Origin accounts had someone ask to reset my password, so I closed the account. I would suggest going to the EA page and reset your password there, ensuring that you are at an HTTPS site that identifies itself properly before changing anything. You can also apply two-factor auth to your account using the Google Authenticator, which is also useful.

The HTTP link could be a redirect through whatever service they use for mass emails, and the policy boilerplate about clickable links could be something someone stupidly ignored. If you're suspicious, though, no harm in not clicking.
o/\o