The Internet - Security
#1
The Internet - Security
I work in IT but I do worry about one day, being a target. I keep all my passwords secure but it seems, this is just getting worse, not better...
We need something better than passwords.....
http://money.cnn.com/2005/11/07/tech...kers/index.htm
#2
Re: The Internet - Security
Originally Posted by franc11s
I work in IT but I do worry about one day, being a target. I keep all my passwords secure but it seems, this is just getting worse, not better...
We need something better than passwords.....
http://money.cnn.com/2005/11/07/tech...kers/index.htm
#3
Lost in BE Cyberspace
Joined: Feb 2004
Posts: 14,577
Re: The Internet - Security
Originally Posted by franc11s
I work in IT but I do worry about one day, being a target. I keep all my passwords secure but it seems, this is just getting worse, not better...
We need something better than passwords.....
http://money.cnn.com/2005/11/07/tech...kers/index.htm
#4
Re: The Internet - Security
I keep waiting for the day when I can buy a $39.99 thumbprint scanner or similar and do away with all the god damn passwords.
It is so bad that at work I have to keep a list inside my desk of all the pw for my different customer's web sites, the mainframe, email, bank, 401-k, blue cross, pay pal, etc etc. Kinda defeats the purpose methinks.
#5
Re: The Internet - Security
Originally Posted by ironporer
I keep waiting for the day when I can buy a $39.99 thumbprint scanner or similar and do away with all the god damn passwords.
It is so bad that at work I have to keep a list inside my desk of all the pw for my different customer's web sites, the mainframe, email, bank, 401-k, blue cross, pay pal, etc etc. Kinda defeats the purpose methinks.
I keep all my passwords in a text file stored on cd at home - real pain in the ass though. I also let mozilla remember most of them for me which probably isn't a smart thing to do.
#6
Homebody
Joined: Jan 2005
Location: HOME
Posts: 23,179
Re: The Internet - Security
Originally Posted by BigDavyG
Ahh, the mainframe. It used to be that I couldn't wait to move on to something new. Then they moved me onto a CMM team - now I long for the green screens again.
I keep all my passwords in a text file stored on cd at home - real pain in the ass though. I also let mozilla remember most of them for me which probably isn't a smart thing to do.
The problem is, with over a dozen passwords and different user names, most people probably write them down somewhere - which in turn reduces security. So one is in a kind of no-win situation.
#7
Mr. Grumpy
Joined: Jun 2003
Location: Nashville, TN
Posts: 3,100
Re: The Internet - Security
Financial institutions would do well to implement 2 factor authentication such as RSA SecurID or other token-based offering
Bank of America is pretty crap, just requiring a simple username and password
at least most UK orgs need three types of password for authentication
#8
Re: The Internet - Security
The best idea I ever used for password security to a financial site was in my second home in the backwaters of former communist Europe.
The access to the bank site we used worked like this:
* You entered a standard username and password on the front page
* You went through to a secondary log in page which required another password.
* The bank instantly text messaged the one-time secondary password to your cell phone.
They had a couple of things working for them in implementing this system. Firstly the state telephone company was so bad that everybody had a cell phone, secondly there were only two cell phone companies, and thirdly neither company charged for receiving text messages.
I thought it was an excellent idea -- caused us endless problems trying to run the account from the States, though!
Also, have noticed recently Ingdirect have changed their log on system. You now need to enter your pin using a mouse. Presumably stops keyboard loggers picking up your pin.
#9
Lost in BE Cyberspace
Joined: Feb 2004
Posts: 14,577
Re: The Internet - Security
Originally Posted by Elvira
It's very difficult to keep up with passwords and usernames. It's virtually impossible to have the same PW for everything as so many sites have different requirements in terms of length, including numbers etc. In any event, it's probably not smart to have just one PW anyway.
The problem is, with over a dozen passwords and different user names, most people probably write them down somewhere - which in turn reduces security. So one is in a kind of no-win situation.
#10
Lost in BE Cyberspace
Joined: Feb 2004
Posts: 14,577
Re: The Internet - Security
Originally Posted by fatbrit
Also, have noticed recently Ingdirect have changed their log on system. You now need to enter your pin using a mouse. Presumably stops keyboard loggers picking up your pin.
I'd go with the RSA solution above if I owned a bank.
#11
Re: The Internet - Security
Originally Posted by ironporer
I keep waiting for the day when I can buy a $39.99 thumbprint scanner or similar and do away with all the god damn passwords.
#12
Re: The Internet - Security
FYI - A cheap trick for passwords is to use numbers for like letters :-
L becomes a 1
E is a 3 (E backwards)
S is a 5
h is a 4
O is a zero
B is an 8
etc., do something that is OBVIOUS to YOU, not to others.
For capital letters use 2 of the numbers where each letter would be. Use 3 letters for financial sites. So if your password is lemon it could be 13m0n or 111333m000n
Also, you don't have to write down the password, you could write down yellow favorite....
Now to come up with the password in the first place, pick a theme and for 3-6 months (or longer) keep that Theme for all passwords..
It means you don't have to write stuff down... because YOU will remember YOUR theme. Pick a simple or complex theme....
Say the theme is favourite foods..
c41ck3en or c4411ck33en (chicken)
v1nda100 or v11nda110000 (vindaloo)
or a complex theme like rhyming slang
wh15tl3 (whistle and flute - suit)
d0gandb0n3 (Dog and bone - phone)
or grand parents middle names
or weird topics..
Ok, you get the point...
I never forget a password, I now only forget the user id so I have to write that down... but I do a password hint to the real item but even if someone guessed it, they won't know your number replacement scheme..
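An added example, not part of the original post: a check a site could run when a password is set, which reverses the digit swaps and repeated digits from the scheme in the post above and looks the result up in a wordlist. The wordlist is a small constructed sample and the function names are hypothetical.

```python
from itertools import product

# Digit-for-letter table from the post; its examples also use "1" for "i".
SUBSTITUTIONS = {"1": "li", "3": "e", "5": "s", "4": "h", "0": "o", "8": "b"}

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"lemon", "chicken", "vindaloo", "whistle", "dogandbone"}


def collapse_runs(text):
    """Squeeze repeated characters so doubled or tripled digits fold to one."""
    out = []
    for ch in text:
        if not out or out[-1] != ch:
            out.append(ch)
    return "".join(out)


# Words are squeezed the same way so "vindaloo" still matches "v1nda100".
COLLAPSED_WORDS = {collapse_runs(word): word for word in WORDLIST}


def underlying_word(password):
    """Return the wordlist entry a password reduces to, or None if there is none."""
    squeezed = collapse_runs(password.lower())
    options = [SUBSTITUTIONS.get(ch, ch) for ch in squeezed]
    for letters in product(*options):          # try every reading of each digit
        candidate = collapse_runs("".join(letters))
        if candidate in COLLAPSED_WORDS:
            return COLLAPSED_WORDS[candidate]
    return None


if __name__ == "__main__":
    # Passwords taken from the post, plus one constructed random string.
    for pw in ["13m0n", "111333m000n", "v11nda110000", "wh15tl3", "q7zr2kxw"]:
        print(pw, "->", underlying_word(pw))
```

Squeezing runs can also match unrelated strings that happen to collapse to a listed word, which is acceptable for a check whose only action is to ask for a different password.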
#13
Re: The Internet - Security
Originally Posted by anotherlimey
Doesn't stop the screen grabbers from logging picture and your mouseclicks though.
I'd go with the RSA solution above if I owned a bank.
Works for me, I feel that it is secure, and that the things are easy to remember (except the bloody customer ID!). No one would be able to guess the answers to the secondary questions.
#14
Lost in BE Cyberspace
Joined: Feb 2004
Posts: 14,577
Re: The Internet - Security
Originally Posted by Roadster280
For someone to spoof a client, they would need to know all of this info, because they always ask for a different combination of these items, and never the whole password, just three letters of it.
#15
Mr. Grumpy
Joined: Jun 2003
Location: Nashville, TN
Posts: 3,100
Re: The Internet - Security
Originally Posted by anotherlimey
Or they could just have had a screen capture program and keylogger on your PC for a few weeks.
AV
anti-spyware
windows updates
windows firewall
will mean that this kind of malware is not on your system
keeping systems secure is actually very straightforward, disinfecting one with horrible spyware that got in before the above measures is more challenging