I encountered the same problem tonight, 2-16-12. I also have been using the same password for years and tonight it ept asking for it. I thought maybe someone has hacked my account and changed my password. I decided to go and change my password and instantly I have access to my email account. If this was a forced change in passwords some forewarning would have been nice.

Same thing here.  Stopped seeing my email come over my phone yesterday around noon.  Tried to reset the account on the phone and that's where I got the "invalid" password notification.  Just tried to login here this morning and had to go through the security question etc. to set up the account again.  3 of us now - I'm calling CS...

This could be caused by a couple of things:

 

Someone hacked your account and they changed the PW. 

or

Comcast noticed that a hacker got into your account and the system changed your password.

 

The fix is to change your pw.  Passwords should be long, include numbers, Upper Case letters and not be words.  Length of password is very, very important!

 

8 and 9 character passwords (even random) can be hacked quickly.  Computing power can crunch those passwords incredibly fast.

 

Just remember to keep it under 16 characters.

 

 

 

That happened to me too. I have the password preset in my ipad and I'v ebeen using my email without any problem unitl yesterday. A message saying " invalid password" popped up. I tried to access my emial in my computer and that didn't work,too.  I haven't change my password and everything has been preset long ago. Anyway, I called comcast and reset my password, they do not have any explanation of this incident.....

Same thing happened to me today - password was not changed by me and typed very carefully repeatedly but could not log in on my phone or on the web - said password was incorrect.  How do we find out if it is a forced password change or if the account has been hacked?  I switched to Comcast after a ridiculous hacking situation with Hotmail, so I would like to be sure my account is safe.

 

This has happened to me several times over the last few weeks, and again today. If it's a hacker, they are not using my account for anything so far as I can tell. Changing the password and making it harder doesn't help. I feel like Comcast is doing something here. Sure would be nice to receive an answer from someone in Comcast who knows what is going on.

DITTO to the above!  Comcast needs to admit it's their error and quit telling customers lame excuses as to their passwords being too short, hacked, blah blah.  If you want to double check you haven't been hacked, their Security dept supposedly can tell if someone unauthorized has tried to log in.  IF this was an isolated couple cases, i could see maybe this being a valid reason. However, with all the recent issues and frequency of the same problem, I think it's more likely on comcast's end. 

Comcast has a history of dodging responsibility in my experience, telling us we needed to purchase new wireless equipment, when come to find out, our wifi connection was getting lost because they crammed too many customers into our "neighborhood".

Figure it out comcast, and quit making excuses!

Same here. Almost every week for the last month and a half. So far nothing is compromised so I suspect there is a glitch in the system. The account holder has had no issues either.

What the heck is going on COMCAST? Hey guys this happend to me too, twice already. The 1st time I thought because my original password that I had for years was because it was too short, only had 6 letters, no #'s so on.

I reset it to a new password, just like Comcast said. I reset it 1st too my desktop check mark remember me, then I set it in my iPod, and my Asus Prime tablet, all went well until 4 days latter, same as you guys. I called Comcast just now and they said maybe some at my home reset it, Ha! Ha! I said, I told her it's just me and my wife, and she does not touch anything that deals with pushing bottons, she hates Electronic stuff.

II have not been here on the forum for some time, because everything since about two years has been great, until now. If it happens again, I'll tell them COMCAST has a problem., not me, know one has hacked me yet..wow! has I was typing this, my Security protection just popped up a report, it said 0 on everything, no hacks, no threats.Oh well, will try again, Wow! phone call just came in for the Comcast servey, last question on survey they ask you to give a recorded message, I told them that I'm not the only one having this problem, lots of us on the Comcast forum had, or having the same problem. Wish us all luck.

It happens again, just now, 2 times in a week. I just retrieved an email and after replying it. I couldn't send it as my email password is incorrect. The email was just retrieved a min ago and I was still logged in in the email account. Comcast's customer service is very disappointing. All the rep said was she has no explanation, but she can connect me to the security dept to see if my account is hacked. After holding for less than a min, the line is disconnected. I voluntee to participate in the service survey before i talk to the rep but of course I NEVER receive the call back for the phone survey.... After using Comcast for almost 10 years, It is about time to change to another Internet service, I am extremely unhappy with their way of helping customer to solve technical problem.

Just happened to me to; had been using the same password and then suddenly out of nowhere it kept telling me my password was wrong. I didn't bother to call in since I never find anyone to talk to who knows anything.

Folks,

Comcast will occasionally reset passwords if we see conclusive proof (we check quite dilligently) of an apparent compromised account. If it's happening quite a few times, I'd highly recommend changing your password to something very strong and scanning all household computers for malware.  

Comcast Jordan,

 

While it is appreciated that someone is monitoring account security, some sort of notification that an account may have been compromised and that a password change is required would be helpful. 

 

Rather than going crazy repeatedly typing what you KNOW is your password over and over across several devices and computers and being told this is incorrect.  Many systems and programs require password changes and a simple pop up or email reminder could improve customer service...

 

Just my two cents...

Use a strong password between 8 and 16 characters in length, consisting of a random mix of upper and lower case letters, numbers, and special characters.  Do not use the same password on multiple sites.

Here is a Microsoft site about testing your password strength and creating strong passwords too.

https://www.microsoft.com/security/pc-security/password-checker.aspx

 

 

 

Has happened to me twice in last week after years of no problems with the same password. No evidence that account had been hacked.  And if it were truly a security issue (as the big C claims) and they were so worried about it why did it let me change my password back to the original one that I was forced to change from to get back into my account last week.  Wouldn't you think they would permanently disallow a password that had been "hacked" to be used.  They don't have a clue what is going on and can't find the glitch so are starting to scramble for answers without thinking it through.

Here is a good article which describes ways that passwords can get compromised. The best way to stay secure is to use a strong password unique to every online service you use and change it every so often.

Some points to stress ...

-Comcast uses several security measures to protect against brute force attacks, a little too detailed to go into here.

-We store password values using a salted SHA algorithm. This value is hashed after combining the email address and the cleartext password. This means that a hash is stored which cannot be decrypted, but only used as a comparison when a login attempt is made. This ensures that even if someone were to gain access to our secure system, they still couldn't access the clear text value of the password and therefore not be able to login.

-We provide antivirus programs for free that should be used to prevent viruses and other attacks on our users' computers.

There is another type of attack that is not in the article because it technically has nothing to do with your actual account. This happens when someone finds a valid email address and uses it to spoof messages to several people. Sometimes this appears to be a hacking of an account when in fact the actual account has never been compromised.

 

 

 

 

Aliyu,

We've been evaluating the move effective way to do that notification.  Unfortunately, the BEST way to do it is via email... which just had it's password rest.... so you see the catch-22.  We have evaluated other options, but none seem to be quite viable.  We continue to evaluate.

Crowbah,

Your point is quite valid, but your conclusion is a bit off.

"Remembering" the last password used requires a significant amount of development, which is being worked. So we unfortunatley do allow customers to reuse their previous password at this point. That won't be the case in the future.

Comcast Jordan,

 

Here's a thought - an email message in advance of when the change must take place - such as "your password will be need to be changed within the next 24 hours/ (or 7 days, or some reasonable amount of time) or you will not be able to access your account..."

 

The only time I have been locked out of an email account without warning was with "the incident" I had with Hotmail that turned into a HOTMESS - switching email accounts for all financial accounts, friends, and even email marketing and newsletters - it is easy to forget how much your email is linked to all of your business and personal needs! 

 

The sense of panic that I was having similar problems with my finally established Comcast account could have been eliminated if I had received a notification that my password must be changed BEFORE getting the message that my password was incorrect - knowing that it was correct...and now that I see others have had this happen multiple times, I am still not convinced that I will not have to go through that hassle again.

 

I am not sure what options have been evaluated, but it seems that just letting folks know what's going on is what everyone is looking for...managing expectations...customer service.

---

aliyu wrote:

Comcast Jordan,

 

Here's a thought - an email message in advance of when the change must take place - such as "your password will be need to be changed within the next 24 hours/ (or 7 days, or some reasonable amount of time) or you will not be able to access your account..."

 

---

Makes perfect sense except the issue with this approach, and why it was discounted, is the account has been compromised.  That means the person compromising the account gets the notice!  

So then we'd be informing the attacker affording them an opportunity to take action.

 

I completely understand your frustration.  We've played out the scenario several different ways and still look for the best, most efficient way to help the customer.  Our current approach heavily favors security over communication.  We're working on fixing that.

same issue this evening.  There was a data breach between now and one week before.  I understand companies would not like to disclose this type of information but I believe it's best to do so for the subscribers benefit.

 

My corporate network seems to have no problem with this issue.  When I am required to change my password I AM NOT allowed to use a password I previously used.  So I don't think it's a technological Everest.

---

ComcastJordan wrote:

Folks,

Comcast will occasionally reset passwords if we see conclusive proof (we check quite dilligently) of an apparent compromised account.

---

Would that password continue to work when logging into webmail? It's not uncommon for passwords to not work with the mailservers yet still work with webmail, so I'm wondering, you know?

Comcast Jordan,

 

Good point about alerting the person compromising the account...what about an automated phone message (assuming the person has given a phone number and that the person trying to compromise is not at the same address/phone number)? 

 

Or, instead of just "incorrect password" on the popup - how about a message that includes the possibility that your password is failing because it MAY have been compromised and you need to go through the steps to reset the password...

 

Trying to think of things to avoid the user (me) having that sinking feeling that all is "lost" and that all accounts/contacts will have to be reestablished with a new email address...

 

aliyu wrote:

Comcast Jordan,

 

Good point about alerting the person compromising the account...what about an automated phone message (assuming the person has given a phone number and that the person trying to compromise is not at the same address/phone number)? 

 

Or, instead of just "incorrect password" on the popup - how about a message that includes the possibility that your password is failing because it MAY have been compromised and you need to go through the steps to reset the password...

 

Trying to think of things to avoid the user (me) having that sinking feeling that all is "lost" and that all accounts/contacts will have to be reestablished with a new email address

---

That's very much like the model we're moving for.  Keep tuned for changes in the future.

I had the same problem today!!! I havent changed my password in quite a while. I wasnt getting my emails on my phone, got a msg invalid id or password. Went on mobile website, got the error msg. Now I am having a heart attack. Was my account compromised, what is going on. Why wasn't I notified??? But I was able to change it crazy me changed it to my original password, but then I couldnt go back and change it on the mobile website.  Come to think of it, I wasnt asked any security info on the mobile website, I could be wrong, all I had to do was put a phrase in the box, the phrase kept moving. What kind of security is that??? I changed it again at work and my security question and answer.  I called comast when I got hiome and I was told they cant tell if someone changed my password or if my account was compromised. I wasn't directed to the security dept, I was transferred to tech support who didint even tell me I can call the security dept or offer to transfer me. SERIOUSLY!! I get that the notification would go to the hacker,and possibly not me. But eventually I would know when I dont have access to my email. What would happen if the hacker changed everything, your answer to your security questiuion??? Then what??? Hopefully they come up with something to safeguard us. If they do monitor our account, they should notify us some how if there is suspicous behavior. How about a letter to the home??? The hacker cant change the address where my service is, can they??? Then I wouldnt get my bill.  Very dissatisfied!!! 

I will also jump on the bandwagon.  I had to reset passwords on 2 of my accounts twice.  There is definitely something fishy going on that merits investigation and an official announcement!

Either Comcast is getting hacked on a continuous basis and not holding up or they are in serious denial that they have a glitch in their system.  This password thing is becoming an every other day affair, even with the strongest of passwords.  Incompetence or arrogance I don't know which but it is getting extremely frustrating.  And what was that thing that came up this morning signing in to try and prevent spammers?  No explanation or anything as to why it appeared on the sign in page and hasn't been seen since (and yes I was on your site and not someone masquerading as you).

 

Comcast, transparency is all I am asking for here, not corporate doublespeak.

Hey Crowbah,

I'm here to answer any questions I can.  When we see evidence of comproimse on an account, we will reset the password.  We're working on a way to make the reset process a lot less painful to our customers.  What else can I help with?

Well, happened again today. For the last two months I have to "reset" every 7-10 days.

I had the exact same problem today. I'm glad to see it's not just me. I encountered the first problem in mid February, as people are mentioning here. I noticed at that time it was asking for new requirements than I previously had (my previous password was complex, but didn't include an upper-case letter, the new requirements ask for at least one upper case and at least one lower case.) So, at the time I figured they must have changed their password requirements, and instead of letting people know in advance, they just freaked us out with an "incorrect password" warning.

 

The weird thing is, as the last post mentioned, the exact same thing happened today - no other changes, just another repeated series of "incorrect password" errors until I forced it to go through the "forgot password" sequence again, at which point it now works perfectly. Unlike last time, though, there don't seem to be any changes to Comcast's requirements since the last time this happened, so it seems clear that Comcast's servers are either requiring this Password change process to be executed at certain times, or something is seriously screwed up on their servers and the passwords are being forgotten.

 

As mentioned, yes, it would be extremely nice to have some advanced warning that a change is going to be required, so people can click a link in the email to change the password, instead of just freaking us out and making us think we've been hacked.

 

ONE SUGGESTION: when I changed it before, I did it on my personal account, but NOT the control account which runs my actual Comcast subscription. Today when the same error occurred, I decided to change the password on both accounts, to see if maybe that was why the system required it again. You might try that. I guess we'll see, if it does it again, then it wasn't the problem, but if not, maybe they were going to continue forcing changes on personal sub-accounts until the owner changed the password for the control account?

Amending my last comment - while I understand the Support Personnel's comments here - that being, if an account is compromised, notifying someone will do no good because the account has already been compromised, and if an account IS compromised, the best thing to do is to force a change immediately - I don't necessarily believe that is what has happened here.

 

First, there seem to be a number of people complaining of this issue, happening around the same time as each other. If this were my email account being hacked, why did the attacker only force a password change on my email account? Everything else is the same - security questions, etc.

 

If this were malware on my NEW computer, first, why hasn't Norton Security Suite caught it? Second, why is my email the only account to have been compromised? If it's malware, wouldn't one expect my financial accounts to be compromised? Passwords to every other site I use on a daily basis changed? That's what I would expect to happen, but maybe I'm wrong....

 

Basically, Comcast is saying that all of our accounts show evidence of being compromised by... a zany hacker that only wants to cause a minor inconvenience to only one of our accounts.... I don't think that's what has happened. The most logical conclusion seems to be that something has happened or changed on Comcast's end and, either they mishandled it by not letting people know in advance and don't want to admit it (best case scenario) or it was a "compromised-security" concern that they wished to avoid announcing to the public (worst case scenario.)

I just had to change my password as well (as well as the other members of my family). I can't account for the security of their computers but mine has no viruses or spyware and everything is up to date. It seems like comcast accounts might be getting brute forced maybe.

 

I'm still waiting for them to release an authenticaion app for Android/Apple/Blackberry and just have better security measures period. Kind of similar to the security measures that Gmail has implemented for their email accounts, its utterly impossible to break into an account if you use all the features. 

Also it seems that Outlook (2010) cant connect to the email servers, even after readding the email account to it and following the instructions on comcast.com exactly

This has happened to me several times and I have a theory.  My email account does not appear to be hacked and none of our other secondary Comcast email accounts have had this problem.  What is the difference, you ask?  The account that keeps making me change my password is the one I have set up on the Xfinity App on my Droid.  I finally got so fed up with typing my long, and theoretically strong, password into the app with my tiny phone keyboard, I uninstalled the app.  Haven't had to change my password since.

 

Humm, could be that I'm on to something.  Being a Computer Scientist by trade, I wrote a program to use a random number generator to create my password of 16 ASCII characters.  Comcast seemed to think it was hacked in one day.  I think not.  Maybe the app in my phone was pinging the server too much and that caused the security breach.  JMNSHO, as we say in the biz!

ME too, for the 3rd time had to change my PASSWORD, Just called Comcast, they don't know what's going on.

I had Comcast for over 30 years, never had this happen to me.

The 2nd time had to change password, Comcast said some one in the Family must be doing it, No way I told Comcast, it's just me. If Comcast wasn't so good on there cable and internet I would change to a different service Co.

Comcast said we are not getting breached of our account, and they do not change passwords, he made a note of it, and said a great day, Sure, Right.

Are you connecting to the mail server at public WiFi locations?  Library?  Just wondering.

Im not on a public network. Wifi is password protected and predefined MAC access is set up in my home (not that its needed where I live).

 

Seems kind of interesting that these problems are occurring around the same time of the new texting features are being rolled out, as well as the new services on xbox and the spectrum service.

I just had to change my password as well. Definittely something is going on with Comcast.

This is now getting to the point of ridiculousness. I have now had this same problem 3 times in about as many weeks. I am concerned that Comcast has been hacked and someone is gaining access to my email! Comcast, you need to let people know what is happening. I sign on and it tells me that user I'd and password are not recognized.

I think you may be onto something when you mentioned getting the Xfinity app installed on your phone. My husband did that recently right before I had my problem, although fortunately I haven't had the problem since. If it happens again I'll just have him uninstall it.

I have no app for Xfinity, matter the fact I have no Smart phone either for the App.

Still seeking a resolution to this issue...

 

Things done so far:

• Been able to access my email through the comcast website only, after I changed my password through sms authentication. Password was reset to a very strong password.
• No viruses detected, No Malware Detected, No Windows updates Available (windows 7).
• Not able to connect to mail.comcast.net or smtp.comcast.net VIA Outlook 2010 with latest office 2010 service pack AND tracert.
• Reset modem, reset router. Kept them both off for over 5 minutes. x3 (If it didnt work the first time, i dont know why it keeps getting suggested).
• Completely wiped the account information from Outlook, including the PST file.
• Re-entered the CORRECT account information, ensured everything was checked and unchecked as described by the "how-to" section for outlook 2010 on Comcast.com
• Attempts to contact the server time out, I am queried for my account information for both incoming and outgoing servers, and then outlook freezes for a bit.
• Nothing is wrong with outlook, I am able to utilize my active sync and google email accounts perfectly fine from it.

Things Comcast can do

• Check their server settings
• Check to see if any new service rollouts have caused this issue
• Stop treating those of us who call or text customer support as idiots. You'd be suprised how insulting it is to be told youre entering your password and/or settings wrong when youre clearly not.
• Check to see if this outage has any relation to the DNS server attacks done several days ago by hackers.
• Have your server admins examine server logs to see if there was any unauthorized access to comcast authentication systems, and or if they're even functioning to receive requests from 3rd party mail clients.

I could go on but I'm not getting paid for this. You have professionals, put them to work.

 

The same thing has happened to me FOUR times in the past week and a half.  It wasn't until this last time I just called that they admitted there is a problem with the system.  The other three times they kept saying that I must have forgotten my password (I'm like you--have had it for YEARS!) or that they problem is with my computer.  Believe me, I knew it was not.  I asked them when they were going to get it worked out, and the answer is a very definitive " We don't know".  I am running out of passwords and beyond irate.

Well at least we now know what's going on, for the last week my wife has had the same issue and thought her account was hacked we spoke to the online Comcast Rep to reset and make sure the account had not been hacked. Not once did they mention that this was a system wide issue. Comcast needs to own up to this the minute an individual can't access an account they think of fraud. Horrible job on their part.

ALL-

The Comcast XfinityConnect Team is aware and working on a resolution.  The Help Forums Administrator is also in contact with that Team.  Updates will be posted when available.

In the meantime, if you are changing your passwords, do make sure that:

 

Use a strong password between 8 and 16 characters in length, consisting of a random mix of upper and lower case letters, numbers, and special characters.

 

If you use an email client as well as XfinityConnect, don't forget to match up your new password there as well.

 

CC

Finally a bit of "mea culpa" on their part.

@Jaymo, if this was the scenario - comcast reset all compromised account passwords.  Comcast may have found the exploit used to gain access and saw what transpired.   That's what may have caused the mass password reset which was the best thing to do by comcast

Right, I'm with you on that and agree completely. I'm just saying that it seems unlikely that it would be happening multuple times to people if that is the explanation, and for it to be something on our computers it would likely be far more widespread than just our email accounts.