  1. #1
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts

    3 strategies security experts use to protect themselves online

    Nothing that hasn't been advised here, before, but it's never too much to get confirmation:

    https://www.washingtonpost.com/blogs...mselves-online


    I would especially point out the robustness of two-step authentication, to keep important accounts out of hackers' hands. Two-factor authentication relies on a device, usually a phone. If you use one, don't forget to lock it with a password, no matter how annoying it may be to be forced to input such a password tens of times in a day.

    A phone / smartphone can be a very relevant point of failure when using two-step authentication, as is the single master password when using a password manager. Choose both wisely and keep them safe!!
    Rui
    -------
    R4

  2. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    My security doesn't allow me to read the comments on the originating blog...

  3. #3
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,154
    Thanks
    31
    Thanked 307 Times in 267 Posts
    @ satrow

    Dunno what's up with your security but I had no problem reading the article in ruirib's #1 post.

    Thought it was rather interesting actually, and it sorta confirms impressions gained from working on customers' systems for many years.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  4. #4
    5 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    701
    Thanks
    89
    Thanked 8 Times in 8 Posts
    great for biz maybe

    but a real PITA and can be
    an account loser forever
    with no way to recover
    for real people using things like hotmail



    Quote Originally Posted by ruirib View Post
    Nothing that hasn't been advised here, before, but it's never too much to get confirmation:

    https://www.washingtonpost.com/blogs...mselves-online


    I would especially point out the robustness of two-step authentication, to keep important accounts out of hackers' hands. Two-factor authentication relies on a device, usually a phone. If you use one, don't forget to lock it with a password, no matter how annoying it may be to be forced to input such a password tens of times in a day.

    A phone / smartphone can be a very relevant point of failure when using two-step authentication, as is the single master password when using a password manager. Choose both wisely and keep them safe!!

  5. #5
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by speedball View Post
    great for biz maybe

    but a real PITA and can be
    an account loser forever
    with no way to recover
    for real people using things like hotmail
    It would be good if you actually had read the article. These are behaviors taken by individuals, not businesses.

    So we have your opinion, vs. the experts' actions and opinions. Of course, the experts lose. Not surprising.
    Rui
    -------
    R4

  6. #6
    5 Star Lounger
    Join Date
    Mar 2010
    Location
    east coast
    Posts
    701
    Thanks
    89
    Thanked 8 Times in 8 Posts
    my comment is still valid

    total PITA and useless for individuals which will cause more problems than any alleged gains



    Quote Originally Posted by ruirib View Post
    It would be good if you actually had read the article. These are behaviors taken by individuals, not businesses.

    So we have your opinion, vs. the experts' actions and opinions. Of course, the experts lose. Not surprising.

  7. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by speedball View Post
    my comment is still valid

    total PITA and useless for individuals which will cause more problems than any alleged gains
    Too bad the most knowledgeable users on security disagree with you. I do too. I use two-step authentication all the time and I do it as an individual user, which is what I am, most of the time. Not only is it not a PITA, it's safe, it's usable and it provides a measure of trust that makes me feel uncomfortable and less trusting of any site that wants to keep my data or my money and does not use two-step authentication.

    Thinking security matters only to businesses is not only wrong, it's outright dangerous. Many before you have regretted the lack of two-step authentication in sites such as Amazon's or GoDaddy's, for example, and have suffered relevant losses for it. If there is something that is not smart at all, it is refusing to learn from others' bad experiences.
    Rui
    -------
    R4

  8. #8
    Star Lounger
    Join Date
    May 2011
    Posts
    84
    Thanks
    2
    Thanked 2 Times in 2 Posts
    I would use 2 factor ID but many financial institutions don't offer it.

  9. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by robertpri View Post
    I would use 2 factor ID but many financial institutions don't offer it.
    Yes, and that is a shame. Unfortunately, many banks are not good examples of the use of good security practices.
    Rui
    -------
    R4

  10. #10
    3 Star Lounger
    Join Date
    Apr 2010
    Location
    Los Gatos CA
    Posts
    376
    Thanks
    52
    Thanked 12 Times in 11 Posts
    European banks are very much more security conscious. Bank of Ireland require a 3-step log in: a user number; either the last four digits of your contact number or date of birth; and a random selection of 3 out of 6 digits in your PIN. Enter one digit wrong and I'm back to square one, no back-space key, no refresh. Barclays Bank was much the same. Logging in to my account at Wells Fargo is trivially easy. I mentioned this to the branch manager. "Yes," he said, "our security sucks." I don't do on-line banking with them!

    David
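
The partial-PIN login described in post #10, sketched as an added example (not part of any post in this thread and not any bank's code); the sample PIN, the function names and the use of Python are assumptions. It shows the all-or-nothing check and the trade-off of asking for 3 of 6 digits: less is exposed per observed login, but each challenge has a much smaller guess space.

```python
"""Added example: partial-PIN login (3 of 6 digits), as described in post #10."""
import hmac
import secrets
from fractions import Fraction
from math import comb

PIN_LEN = 6   # digits in the full PIN (from the post)
ASKED = 3     # digits requested per login (from the post)


def issue_challenge(rng=secrets.SystemRandom()):
    """Pick which PIN positions (1-based, sorted) the user must enter."""
    return sorted(rng.sample(range(1, PIN_LEN + 1), ASKED))


def verify(pin, positions, answer):
    """All-or-nothing check: any wrong digit fails the whole attempt."""
    expected = "".join(pin[p - 1] for p in positions)
    return hmac.compare_digest(expected.encode(), answer.encode())


def blind_guess_odds():
    """Chance that one random guess passes a single challenge."""
    return Fraction(1, 10 ** ASKED)


def full_pin_exposed(n):
    """Probability that n observed logins together reveal every PIN position
    (inclusion-exclusion over the positions that were never asked for)."""
    total = comb(PIN_LEN, ASKED)
    return sum(
        (-1) ** k * comb(PIN_LEN, k)
        * Fraction(comb(PIN_LEN - k, ASKED), total) ** n
        for k in range(PIN_LEN + 1)
    )


if __name__ == "__main__":
    pin = "482915"           # constructed sample PIN
    positions = [2, 4, 5]    # constructed sample challenge
    print(verify(pin, positions, "891"), verify(pin, positions, "892"))
    print("blind guess odds:", blind_guess_odds())
    for n in (1, 2, 5, 10):
        print(n, "logins observed ->", float(full_pin_exposed(n)))
```

A single challenge can be passed by a blind guess with odds of 1 in 1,000 rather than 1 in 1,000,000, so the scheme depends on strict attempt limits. Because the server compares individual digits, it also cannot keep only a one-way hash of the whole PIN.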

  11. #11
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Hartford, WI, USA
    Posts
    370
    Thanks
    153
    Thanked 62 Times in 37 Posts
    Speedball,

    You are just too fast here I am afraid.

    I have used 2FA for years for my Google stuff because I often use that from customers' computers. Works like a charm EVERY SINGLE TIME!

    If I could not keep track of my cell phone any more I should not be living the life I do live...
    Eike J Heinze
    What I am about
    SE Wisconsin

  12. #12
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    https://www.schneier.com/blog/archiv...lure_of_2.html

    The Failure of Two-Factor Authentication

    In 2005, I [Bruce Schneier] wrote an essay called "The Failure of Two-Factor Authentication," where I predicted that attackers would get around multi-factor authentication systems with tools that attack the transactions in real time: man-in-the-middle attacks and Trojan attacks against the client endpoint.... [continue reading at link above if interested]

    ---------------

    FN: There is not a system a clever person cannot get around.

    I personally use an open source password manager that does not phone home to implement and keep strong randomly generated unique passwords for me on my accounts. I only need remember a complicated master password. I use the same password to unencrypt my hard drives. Foolproof, not hardly. But likely impossible to get around; need to intercept me typing it instead.

    It is easy to add more. And I can use my browser's password manager to store the passwords I do not care too much if they get hacked (like this forum for instance), so I can automatically login with little effort, preserving my securest passwords exclusively in the password manager for sites I deal in commerce with and keep those off of the browser (I hope).

    Updating patches on apps and devices frequently. Various other means to hopefully catch malicious activity before it bites. Most users want to push a button and go. That is fair. Who wants to know how their car works or their computer? Few do (such as the people reading this, but we are the exception).

    So for better or worse we have a serious security problem in this world of cell phone financial transactions over wifi or cellular networks with weak encryption. And for those of us who care and understand often we are compelled to either use seriously substandard security to accommodate most users or corporations who do not want to spend the money on better security, or not conduct business over either the Internet or mobile phones.
    Last edited by Fascist Nation; 2015-08-19 at 19:15.

  13. #13
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    SS7 Phone-Switch Flaw Enabled Surveillance

    .... This helps anyone bent on surveillance, of course, but it also means that a well-equipped criminal could grab your verification messages (such as the kind used in two-factor authentication) and use them before you've even seen them....

    https://www.schneier.com/blog/archiv...one-switc.html
