If you use transferwise change your password
#16
Re: If you use transferwise change your password
I prefer lasspass, dashlane or roboforms
Last edited by mrken30; Feb 27th 2017 at 9:41 pm.
#17
Re: If you use transferwise change your password
Dropbox has had security issues in the past, it's not a security focused product
https://www.theguardian.com/technolo...8m-data-breach
There is an update for keepass
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
https://web.nvd.nist.gov/view/vuln/s...pe=all&cves=on
https://www.theguardian.com/technolo...8m-data-breach
There is an update for keepass
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
https://web.nvd.nist.gov/view/vuln/s...pe=all&cves=on
#18
Re: If you use transferwise change your password
One strategy that can help, as long as you don't want full automation (paste-in of passwords), is to store a mnemonic in the password database for at least part of the pwd.
So imagine if your 'actual' password is abcd1234!@#$-xyx. You could replace abcd1234 with 'alphanumeric', and that's your mnemonic for abcd1234. So the password manager would store 'alphanumeric!@#$-xyz', and you translate in your head the 'alphanumeric' sub-string to 'abcd1234'. You can use this 'root' portion of the password in all your passwords.
So imagine if your 'actual' password is abcd1234!@#$-xyx. You could replace abcd1234 with 'alphanumeric', and that's your mnemonic for abcd1234. So the password manager would store 'alphanumeric!@#$-xyz', and you translate in your head the 'alphanumeric' sub-string to 'abcd1234'. You can use this 'root' portion of the password in all your passwords.
#19
Re: If you use transferwise change your password
I believe you can keep a local key file with keepass.
#20
BE Enthusiast
Joined: Mar 2015
Location: Virginia
Posts: 352
Re: If you use transferwise change your password
Email is the most important as others have mentioned, so at least for that make sure you don't store that password anywhere and also have Two Factor authentication. I use LastPass for password management and have Two Factor on that, as well as Google, Facebook, Twitter, Amazon and my bank.
#21
Re: If you use transferwise change your password
What's the best way to incorporate a 2FA solution into a 'home user' situation?
I've implemented corporate 2FA solutions for 500+ users (cryptocard/safenet, I recall) using smartphone apps, and I've also incorporated the free Google Authenticator into a sophos firewall solution for a small business, but how do you implement a 2FA solution with a diverse set of 'hosts' such as my schwab bank site, my Visa site, my email provider, etc? Doesn't each 'host' have their own way of implementing the solution? is there a way to 'unify' this?
I've implemented corporate 2FA solutions for 500+ users (cryptocard/safenet, I recall) using smartphone apps, and I've also incorporated the free Google Authenticator into a sophos firewall solution for a small business, but how do you implement a 2FA solution with a diverse set of 'hosts' such as my schwab bank site, my Visa site, my email provider, etc? Doesn't each 'host' have their own way of implementing the solution? is there a way to 'unify' this?
#22
Re: If you use transferwise change your password
What's the best way to incorporate a 2FA solution into a 'home user' situation?
I've implemented corporate 2FA solutions for 500+ users (cryptocard/safenet, I recall) using smartphone apps, and I've also incorporated the free Google Authenticator into a sophos firewall solution for a small business, but how do you implement a 2FA solution with a diverse set of 'hosts' such as my schwab bank site, my Visa site, my email provider, etc? Doesn't each 'host' have their own way of implementing the solution? is there a way to 'unify' this?
I've implemented corporate 2FA solutions for 500+ users (cryptocard/safenet, I recall) using smartphone apps, and I've also incorporated the free Google Authenticator into a sophos firewall solution for a small business, but how do you implement a 2FA solution with a diverse set of 'hosts' such as my schwab bank site, my Visa site, my email provider, etc? Doesn't each 'host' have their own way of implementing the solution? is there a way to 'unify' this?
It would be nice if everyone used the same app/ device but I don't think that will ever happen.
#24
Re: If you use transferwise change your password
One thing that has got harder with passwords if entering the symbols on smartphones, especially when you are using 16 char plus passwords
#25
Re: If you use transferwise change your password
What secure sites do you need to access from your smartphone? Only thing I use is my bank's check deposit service, rarely (cant use laptop, must be mobile phone). I do use email on my phone of course, and for that I blindly allow saved passwords. I do have a pin on the phone, and I've just started using the (fairly reliable) fingerprint reader (new Samsung S7).
Last edited by Steerpike; Feb 28th 2017 at 6:07 pm.
#26
Re: If you use transferwise change your password
What secure sites do you need to access from your smartphone? Only thing I use is my bank's check deposit service, rarely (cant use laptop, must be mobile phone). I do use email on my phone of course, and for that I blindly allow saved passwords. I do have a pin on the phone, and I've just started using the (fairly reliable) fingerprint reader (new Samsung S7).
I could use a laptop, but a phone is more convenient and lighter.
#27
BE Enthusiast
Joined: Mar 2015
Location: Virginia
Posts: 352
Re: If you use transferwise change your password
What's the best way to incorporate a 2FA solution into a 'home user' situation?
I've implemented corporate 2FA solutions for 500+ users (cryptocard/safenet, I recall) using smartphone apps, and I've also incorporated the free Google Authenticator into a sophos firewall solution for a small business, but how do you implement a 2FA solution with a diverse set of 'hosts' such as my schwab bank site, my Visa site, my email provider, etc? Doesn't each 'host' have their own way of implementing the solution? is there a way to 'unify' this?
I've implemented corporate 2FA solutions for 500+ users (cryptocard/safenet, I recall) using smartphone apps, and I've also incorporated the free Google Authenticator into a sophos firewall solution for a small business, but how do you implement a 2FA solution with a diverse set of 'hosts' such as my schwab bank site, my Visa site, my email provider, etc? Doesn't each 'host' have their own way of implementing the solution? is there a way to 'unify' this?
#28
Re: If you use transferwise change your password
I used to find google/ms authenticator anoying as I didn't always have my phone ready at hand. After I put the app on my watch, much more useful. I can also now use 2FA on my phone much more easily.
#29
Re: If you use transferwise change your password
One of my deciding factors in switching from PNC to my current bank was their lack of 2FA, my current bank does have it. Amazon offers it too, and since I make most of my purchases from them and they have a lot of my personal data I use it. Not sure if Transfer Wise offers it directly, but I use my Google login for it, so I get 2FA through that. If a site offers login via Google or Facebook, I normally go for that option. Even if they don't have 2FA, many sites with offer some kind of alert system that will text or email you if your account is logged into from an unrecognised location. This happened last week to me with Facebook, someone tried to access it in Canada and they alerted me, I was able to block the access and change my password.
#30
BE Enthusiast
Joined: Mar 2015
Location: Virginia
Posts: 352
Re: If you use transferwise change your password
When you say 'outlook', do you mean office 365 (or does that include Office 365)? I use that (essentially, exchange hosted by microsoft) for both my personal and business accounts.
Isn't using your Facebook account to log into another web site also asking for trouble? I did look into that at one point, and felt that it was not a good thing - but I can't honestly recall why.
Isn't using your Facebook account to log into another web site also asking for trouble? I did look into that at one point, and felt that it was not a good thing - but I can't honestly recall why.
I prefer using Google over FB, but I trust either of them with security more than most other web services. When you sign in using FB or Google, the site doesn't get your password, it just gets confirmation from them that it is indeed you. As long as you create a new password each time for a new service it doesn't really matter, but using Google or FB account to authenticate saves you having to do that without exposing your password to any potential hacks of that service.