pjp Administrator


Joined: 16 Apr 2002 Posts: 16029 Location: Colorado
|
|
|
 |
John-Boy Guru


Joined: 23 Jun 2004 Posts: 436 Location: Desperately seeking Moksha in all the wrong places
|
Posted: Sun Nov 18, 2012 5:42 pm Post subject: |
|
|
Nothing to replace 'em, unless every site you use starts issuing RSA cards and they're somewhat expensive as I understand. _________________
When you break rules, break 'em good and hard |
|
|
 |
ichbinsisyphos Guru


Joined: 08 Dec 2006 Posts: 547
|
Posted: Sun Nov 18, 2012 7:12 pm Post subject: |
|
|
| Quote: | | And to delay me from getting it back, they used my Apple account to wipe every one of my devices, my iPhone and iPad and MacBook, deleting all my messages and documents and every picture I’d ever taken of my 18-month-old daughter. |
Huh? How does that work?
But apart from that I don't see how he says anything new or how time or technological progress has changed anything since 1993. Storing plain text passwords on servers is bad and these idiotic password-recovery-personal-questions are too. I have always filled them with random characters, even though I am not a celebrity with a public private life. Because, if you think of it, answered seriously, many of those questions have fewer answers and are easier to brute force than even the weakest passwords.
And I don't have any information online that I want to be protected, that I rely on to be protected. If you want to reset my online banking password I receive a new one in the mail. If it were any other way I'd change my bank. You can of course break up my mail box on exactly the right day.
I also keep my "serious" and other more "playful" stuff strictly separated. You won't be able to find a link between my accounts on Facebook and my bank.
I do use the same username and password on several sites, not for the "serious" stuff though.
The risk that remains is that administrators I do trust (work, bank, ...) do something stupid like storing plaintext passwords or credit card numbers. |
|
|
 |
energyman76b Advocate


Joined: 26 Mar 2003 Posts: 2022 Location: Germany
|
Posted: Sun Nov 18, 2012 8:54 pm Post subject: |
|
|
| Quote: |
Search for the word “bank” to figure out where you do your online banking. I go there and click on the Forgot Password? link. I get the password reset and log in to your account, which I control. Now I own your checking account as well as your email.
|
Maybe in stupid land but not in Germany. And thanks to TAN generators even if he got inside my bank account he would still be unable to do anything.
There are no 'forgot password' links. Every change has to be done by the local office.
Seriously, that guy? Idiot. They got from Twitter to Apple - how? Because he did something really stupid? _________________
| AidanJT wrote: |
Libertardian denial of reality is wholly unimpressive and unconvincing, and simply serves to demonstrate what a bunch of delusional fools they all are.
|
Satan's got perfectly toned abs and rocks a c-cup. |
|
|
 |
John-Boy Guru


Joined: 23 Jun 2004 Posts: 436 Location: Desperately seeking Moksha in all the wrong places
|
Posted: Sun Nov 18, 2012 9:17 pm Post subject: |
|
|
| energyman76b wrote: | | There are no 'forgot password' links. Every change has to be done by the local office. |
It's similar over here, although it's mostly phone based - but from recent experience, they want a blood sample before changing stuff. |
|
|
 |
juniper l33t


Joined: 22 Oct 2004 Posts: 756 Location: EU
|
Posted: Thu Nov 22, 2012 1:10 pm Post subject: |
|
|
| My bank here (HSBC) has annoying 2-factor authentication. They send you this little calculator and every time you log in you have to generate a code with it. Thus, you would need to know the answer to my secret question (any moron could probably find that out) and you have to have the code generated by this machine. |
|
|
 |
energyman76b Advocate


Joined: 26 Mar 2003 Posts: 2022 Location: Germany
|
Posted: Thu Nov 22, 2012 5:28 pm Post subject: |
|
|
PIN to log in (easy)
debit card + TAN generator for everything besides looking at the current balance |
|
|
 |
pjp Administrator


Joined: 16 Apr 2002 Posts: 16029 Location: Colorado
|
Posted: Thu Nov 22, 2012 6:00 pm Post subject: |
|
|
| juniper wrote: | | My bank here (HSBC) has annoying 2-factor authentication. They send you this little calculator and every time you log in you have to generate a code with it. Thus, you would need to know the answer to my secret question (any moron could probably find that out) and you have to have the code generated by this machine. |
I'd much rather have something like that than what we have currently, which seems to be an implementation of the FTP2TF protocol (Fail To Plan Plan To Fail). The weak password is of course your choice / fault. _________________
lolgov. 'cause where we're going, you don't have civil liberties.
In Loving Memory
1787 - 2008 |
|
|
 |
energyman76b Advocate


Joined: 26 Mar 2003 Posts: 2022 Location: Germany
|
Posted: Thu Nov 22, 2012 6:19 pm Post subject: |
|
|
I am planning to use HBCI in the future. Can't be more secure than that. |
|
|
 |
aidanjt Veteran


Joined: 20 Feb 2005 Posts: 1101 Location: Rep. of Ireland
|
Posted: Thu Nov 22, 2012 6:22 pm Post subject: |
|
|
Nonsense. Password reset mechanisms are far more vulnerable than a decent complex password. _________________
| juniper wrote: | | you experience political reality dilation when travelling at american political speeds. it's in einstein's formulas. it's not their fault. |
|
|