Re: [CGUYS] Password Keeper == Login King -- thoughts?
On Feb 20, 2010, at 10:28 PM, Fred Holmes wrote: One bank uses a pictogram -- picture. After entering only your username, a different/succeeding page loads that shows a picture and queries your password. This picture is individual for each customer. You get to pick it out of a huge library of pictures when you sign up for an on-line banking account. If the proper picture doesn't show, then the user concludes that the site has been hijacked and the page is invalid. Therefore the user does not enter his password and the thief page doesn't capture his password. If your bank does not do something like this to assure you that you that you are indeed connected to the bank, you should find a different bank. This is a simple and highly effective way to protect customers. If they can't manage something this simple, who knows what else they have failed to do correctly. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Password Keeper == Login King -- thoughts?
On Feb 20, 2010, at 8:44 PM, Tony B wrote: I have it set so our staff (myself included) has to change passwords every few months. And I always use strong passwords. I can't even remember my gmail password, and I routinely need that when logging in from my laptop from the road. This is a fine example of security theatre. Study after study shows that this practice makes systems less secure, yet bloviated IT managers continue to insist on it. I think the attraction is the kick they get out of making people do useless and annoying things. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
[CGUYS] Password Keeper == Login King -- thoughts?
Hi ... I'm looking for something that will help me remember the ever-increasing number of passwords. I found this site, recommended by PC Magazine, but I seem to recall a discussion here long ago saying that such programs are not secure. What's the scoop? Handy and safe or forget it? http://www.loginking.com/ As always, thanks in advance, Gail Miller * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Password Keeper == Login King -- thoughts?
These days you really have to have *some *sort of password manager. However, I don't see where this one is worth $10 more than Roboform (which I use). Unless maybe they allow more than one install. On Sat, Feb 20, 2010 at 12:00 PM, Gail Miller gail.mil...@comcast.netwrote: Hi ... I'm looking for something that will help me remember the ever-increasing number of passwords. I found this site, recommended by PC Magazine, but I seem to recall a discussion here long ago saying that such programs are not secure. What's the scoop? Handy and safe or forget it? http://www.loginking.com/ * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Password Keeper == Login King -- thoughts?
At 03:38 PM 2/20/2010, tjpa wrote: For anything financial or attached to a credit card I use better passwords and I keep this list on paper. It is a short list. I've heard that, at least in the past, it's better to do a secure copy/paste of a password than to type it in with the keyboard. Apparently the clipboard is more secure. Keyloggers abound. Anybody have the real scoop on this. One of my banks requires the password to be entered on an on-screen graphic of a keyboard, using the mouse to press the keystroke. I guess they figure that this is even more compromise-proof. Fred Holmes * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Password Keeper == Login King -- thoughts?
No, clipboard entry is no more secure than typing on the keyboard since it uses the same routines. Virtual keyboards such as you describe can help. Roboform has the option to use one for my master password, but it's usually just cumbersome enough that I don't bother with it. But I would if I was at a public hotspot. Some people may be able to use paper, especially if they never log in from more than one computer. I run a few websites with Administrator privledges, so I can't be that lackadaisical. I have it set so our staff (myself included) has to change passwords every few months. And I always use strong passwords. I can't even remember my gmail password, and I routinely need that when logging in from my laptop from the road. On Sat, Feb 20, 2010 at 8:16 PM, Fred Holmes f...@his.com wrote: At 03:38 PM 2/20/2010, tjpa wrote: For anything financial or attached to a credit card I use better passwords and I keep this list on paper. It is a short list. I've heard that, at least in the past, it's better to do a secure copy/paste of a password than to type it in with the keyboard. Apparently the clipboard is more secure. Keyloggers abound. Anybody have the real scoop on this. One of my banks requires the password to be entered on an on-screen graphic of a keyboard, using the mouse to press the keystroke. I guess they figure that this is even more compromise-proof. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Password Keeper == Login King -- thoughts?
That brings to mind, how come banks (now they use 2 different passwords and a pictogram for the most part) don't give you a teaser email reminding you, periodically, to change your password... that would be a nice service. -Original Message- From: Tony B [mailto:ton...@gmail.com] Sent: Saturday, February 20, 2010 8:44 PM Subject: Re: Password Keeper == Login King -- thoughts? No, clipboard entry is no more secure than typing on the keyboard since it uses the same routines. Virtual keyboards such as you describe can help. Roboform has the option to use one for my master password, but it's usually just cumbersome enough that I don't bother with it. But I would if I was at a public hotspot. Some people may be able to use paper, especially if they never log in from more than one computer. I run a few websites with Administrator privledges, so I can't be that lackadaisical. I have it set so our staff (myself included) has to change passwords every few months. And I always use strong passwords. I can't even remember my gmail password, and I routinely need that when logging in from my laptop from the road. On Sat, Feb 20, 2010 at 8:16 PM, Fred Holmes f...@his.com wrote: At 03:38 PM 2/20/2010, tjpa wrote: For anything financial or attached to a credit card I use better passwords and I keep this list on paper. It is a short list. I've heard that, at least in the past, it's better to do a secure copy/paste of a password than to type it in with the keyboard. Apparently the clipboard is more secure. Keyloggers abound. Anybody have the real scoop on this. One of my banks requires the password to be entered on an on-screen graphic of a keyboard, using the mouse to press the keystroke. I guess they figure that this is even more compromise-proof. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** * * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Password Keeper == Login King -- thoughts?
Because people really hate that. I don't know what banks you're talking about, because none of mine have ever used 2 passwords or any type of 'pictogram' (whatever that is?). On Sat, Feb 20, 2010 at 9:52 PM, rleesimon rleesi...@gmail.com wrote: That brings to mind, how come banks (now they use 2 different passwords and a pictogram for the most part) don't give you a teaser email reminding you, periodically, to change your password... that would be a nice service. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Password Keeper == Login King -- thoughts?
At 09:56 PM 2/20/2010, Tony B wrote: Because people really hate that. I don't know what banks you're talking about, because none of mine have ever used 2 passwords or any type of 'pictogram' (whatever that is?). One bank uses a pictogram -- picture. After entering only your username, a different/succeeding page loads that shows a picture and queries your password. This picture is individual for each customer. You get to pick it out of a huge library of pictures when you sign up for an on-line banking account. If the proper picture doesn't show, then the user concludes that the site has been hijacked and the page is invalid. Therefore the user does not enter his password and the thief page doesn't capture his password. The virtual (graphic) keyboard that I mentioned earlier could be used for the only password required, or it could be a second, additional password. Fred Holmes * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Password Keeper == Login King -- thoughts?
That brings to mind, how come banks (now they use 2 different passwords and a pictogram for the most part) don't give you a teaser email reminding you, periodically, to change your password... that would be a nice service. I logged into a state payroll system this morning. As soon as I got into the system, it notified me that my password expired and I had to create a new one, otherwise it would lock me out, and I'd have to contact the state office which is closed until Monday. I think either HSBC or ING did the same thing. One of my corporate emails did that too, and also an online subscription to Lancet. I get lots of emails from banks and credit card companies with links to someplace in China where I can reveal my ID and password...How about you? * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *