Guest Posted August 7, 2011

> The same login and pass for many accounts will compromise all your accounts in case if one of them will be hacked...

As far as possible, you can have one ID and password for all the sites where security would not be an issue. Then have a system for the more secure sites. Actually, I think the Firefox X-marks add in has the facility to store passwords for selected sites, although at the moment I just use X-marks for bookmark synchronisation.

TotallyOz Posted August 7, 2011

I think it is important to change passwords every few months for all your sites. That is only my recommendation. It only takes a few hours to do this and it will keep you more secure.

Moses Posted August 7, 2011

> Actually, I think the Firefox X-marks add in has the facility to store passwords for selected sites, although at the moment I just use X-marks for bookmark synchronisation.

no way ))) if you are using ANY browser or FTP-client to store passes and logins - then it is just a question of time when it will be compromised... a better solution is to keep passes and IDs in a special program with strong cryptography from a trusted manufacturer... even better, in addition, to use only httpS forms for login...

and, you know, "security" IS an issue for me almost everywhere - coz it is linked not only with info about myself, but I don't want to be a source of troubles for others (spam from my accounts for example)...

"if you have paranoia, that doesn't mean nobody is watching you"

Guest thaiworthy Posted August 7, 2011

> I think it is important to change passwords every few months for all your sites. That is only my recommendation. It only takes a few hours to do this and it will keep you more secure.

Important, yes-- but not very practical. Do you change your passwords every few months for your ATM cards as well? In the US, when you register with the Social Security Administration, you are given one and only one SS number that lasts you your entire life. We cannot change that. If that number is compromised, you have real problems! And yet we seem to cope with that. I have user names and passwords at hundreds of places, changing them all every few months would be a herculean task!

Moses Posted August 7, 2011

> Do you change your passwords every few months for your ATM cards as well?

yes, I do it after every trip to "risk regions" where my card has been used... it is very easy - just at the time of the next use in an ATM of my bank...

Guest Posted August 7, 2011

Although I don't use it currently, there should be no problem with using an Xmarks type service for storing passwords for non security critical sites. Like accessing forums or trip advisor for example. I would not use such a service for banks, stockbrokers or anything where a security breach might result in a loss of money.

bkkguy Posted August 8, 2011

> I think it is important to change passwords every few months for all your sites. That is only my recommendation. It only takes a few hours to do this and it will keep you more secure.

does it really keep you more secure?

Schneier on Security - Changing Passwords

bkkguy Posted August 8, 2011

> if you are using ANY browser or FTP-client to store passes and logins - then it is just a question of time when it will be compromised...

compromised by remote access? or by someone that gains physical access to your computer?

if you are suggesting the former then I would be interested in some links to cases of this actually being done

if you are suggesting the latter then if this happens you have many significant security and privacy issues that are not addressed by just securing your passwords - a much better option is to secure the entire disk with secure encryption, eg using TrueCrypt

if you are talking mobile phone or tablet then that is a whole different set of risks and set of options to manage them

bkkguy

TotallyOz Posted August 8, 2011

> does it really keep you more secure?

Yes, it does help keep my data more secure. My account was hacked at Sony and I changed all the accounts. With one breach, it is easy to go about getting other information. That one was made public. Most are not. So, I still think it is a good idea to change most of your passwords on a regular basis.

Moses Posted August 8, 2011

> compromised by remote access? or by someone that gains physical access to your computer?

both: via viruses and trojans during visiting websites (90%) and via physical access

> if you are suggesting the former then I would be interested in some links to cases of this actually being done

no... it is about lack of security at many websites: login forms use http protocol instead of https protocol... your data can be very easily sniffed at time of login by viruses at your computer, by bad guy who is sitting near you (in public place when you are using wi-fi)

> if you are suggesting the latter then if this happens you have many significant security and privacy issues that are not addressed by just securing your passwords - a much better option is to secure the entire disk with secure encryption, eg using TrueCrypt

when you are using True Crypt (yes, I use it as well) you crypt your data in time when you don't use browser... but when you will start to use browser to have access to website - you will decrypt your data (and passes) and this moment will be critical - you have unprotected data. When you use some crypto-pass-collectors (with add-on to browser) - collector will decrypt data right in time when you press "send" button and then will clear memory immediately after sending. Risk is many times less.

> if you are talking mobile phone or tablet then that is a whole different set of risks and set of options to manage them

that is why I don't use mobile phone for surfing or tablets for phone calls: for calls - phone, for surfing - computer.

And for sure: I have anti-virus soft which has autoupgrade few times per day, True Crypt, and passes crypting soft. Besides it - all remote banking soft and data are at USB-flash with fingerprint...

As I told: "if you have paranoia that doesn't mean nobody is watching you".

Guest ronthai Posted August 9, 2011

Check out RoboForm, free for up to 10 user/pwd and 100% secure

bkkguy Posted August 9, 2011

> both: via viruses and trojans during visiting websites (90%) and via physical access

as I said I would love to see some specific examples of viruses and trojans that have been able to read and compromise a browser's database of stored passwords

> your data can be very easily sniffed at time of login by viruses at your computer,

while malware on your PC may be able to capture form data at the time the form is submitted, I fail to see how this has anything to do with allowing the browser to store passwords

> by bad guy who is sitting near you (in public place when you are using wi-fi)

again I fail to see how this has anything to do with allowing the browser to store passwords

> when you are using True Crypt (yes, I use it as well) you crypt your data in time when you don't use browser... but when you will start to use browser to have access to website - you will decrypt your data (and passes) and this moment will be critical - you have unprotected data. When you use some crypto-pass-collectors (with add-on to browser) - collector will decrypt data right in time when you press "send" button and then will clear memory immediately after sending. Risk is many times less.

you don't seem to understand how TrueCrypt does partition or disk encryption, and in the case we are talking about here where an attacker has physical access to your PC then properly implemented disk-based encryption is going to give you much better protection than a simple third-party password database.

your original comment that I queried was "if you are using ANY browser or FTP-client to store passes and logins - then it is just a question of time when it will be compromised..."

there are a number of issues associated with allowing the browser to store passwords, and many actions you can take to reasonably minimise risk depending on the passwords you are trying to protect, but your response addresses none of this - if you want to keep to vague security generalities then fine, but if you have some support for your original statement then I would love to hear more.

> And for sure: I have anti-virus soft which has autoupgrade few times per day, True Crypt, and passes crypting soft. Besides it - all remote banking soft and data are at USB-flash with fingerprint...

wow that must make you feel very secure - do you drive a Hummer SUV?

Small Penis Confirmed By Hummer H3 Purchase

bkkguy

bkkguy Posted August 9, 2011

> My account was hacked at Sony and I changed all the accounts. With one breach, it is easy to go about getting other information.

if you don't use the same password for multiple sites then this is not an issue, if you do then changing passwords regularly is the wrong solution to the problem!

> So, I still think it is a good idea to change most of your passwords on a regular basis.

up to you, I only offered the link as a resource that may help some people make their own more informed decision about managing their passwords

bkkguy

Moses Posted August 9, 2011

bkkguy

http://www.symantec.com/connect/articles/password-management-concerns-ie-and-firefox-part-one

then take the time to read part two...

and about cars: I have no car

bkkguy Posted August 10, 2011

> http://www.symantec.com/connect/articles/password-management-concerns-ie-and-firefox-part-one
> then take the time to read part two...

yes I read it, both parts - did you? because it does not really support your comments that I was responding to!

some points on the article

- it is written by a company that sells anti-malware software and while this is a fairly balanced technical article, their sales objectives are helped by anything that creates a perception in the general consumer's mind that anti-malware software is a universal panacea for all these types of problems, and their sales objectives are helped even more by posters like you spreading FUD (fear uncertainty doubt) with your posts above screaming "you will be compromised"
- as it states in the introduction the article specifically applies to IE 6 and 7 and Firefox 1.5 and 2.0. These are not current versions of these browsers. Anyone still running these versions without other security practices in place has significantly more important issues to deal with than whether they should be storing their passwords in the browser!
- the article touches on but does not really address issues such as the "value" of the passwords you are trying to protect vs the convenience of browser stored passwords, and other ways of circumventing the attack vectors they cover in the article eg using NoScript in Firefox - again they are trying to sell their software solution
- the conclusion in the article is "Risk of subversion and compromise to the password storage mechanisms of web browsers such as Internet Explorer and Firefox need further evaluation. Any system that controls the keys to the kingdom or many kingdoms should be further scrutinized. Users need to become more aware of the risks and benefits of using password management systems."

given the age of this article and the browser versions it references do you have any more recent and relevant articles to suggest?

your quote box does not include any of my text so I don't know exactly which of my comments you are responding to, but if this is the best response you can manage to all of the points I raised above I will leave you to keep spreading your FUD! even without the benefit of a car :-)

bkkguy