
'Rapport' Security


Comments

  • hansi
    hansi Posts: 3,001 Forumite
    Part of the Furniture 1,000 Posts
    No, my boot up time is the same with or without Rapport.
  • masonic
    masonic Posts: 27,169 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    atypical wrote: »
    It most probably will, depends how sophisticated the keylogger is. But I'd think you'd be taking a greater risk by having your password saved anywhere. You'd be better off using a virtual keyboard as discussed previously.
    Most virtual keyboards work by inserting the scancodes of the virtual keypresses into the keyboard buffer just like a real keyboard. Since keyloggers work by monitoring the keyboard buffer, there is in effect no difference between using a standard virtual keyboard and a real keyboard.

    One notable exception to the above is a virtual keyboard provided on the webpage by your bank, since this isn't trying to emulate a real keyboard. Unfortunately, very few banks provide this level of security on their login pages.
  • masonic
    masonic Posts: 27,169 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    StevieJ wrote: »
    But sure if you have loads of spreadsheets and word documents and you camouflage the password somewhere within without identifying it as your password why would this be a greater risk? The question was do keyloggers pick up on copy and paste? BTW didn't someone say that only a hardware/software (not sure which) virtual will defeat keyloggers?
    If you really want to use a spreadsheet, then the secure way of going about it would be to download and burn a linux live cd and keep your spreadsheet on a dedicated usb stick (which you keep in a safe place). When you want to do online banking, boot from the live cd and open the spreadsheet on the usb stick using open office. Never use the usb stick from within your main (windows) operating system.

    Taking the above steps, you can guarantee you are only accessing your data from a 'clean' system and the data therefore can't fall into the wrong hands.
  • masonic
    masonic Posts: 27,169 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    ETROL wrote: »
    I also keep an excel file for private data like birthdays etc which I password protect
    From a limited google search I gather that it's pretty difficult to crack excel password files
    That is true for excel 2007 (.xlsx) files, but less true for earlier versions of excel. It also depends very much on the strength of the password used.
  • ETROL wrote: »

    I also keep an excel file for private data like birthdays etc which I password protect
    From a limited google search I gather that it's pretty difficult to crack excel password files

    I'd agree with 'masonic' in his reply
    Spreadsheets protected by the use of the Excel password facility should not be regarded as "secure".
    If you want to encrypt a single file my recommendation is "Axcrypt" - and use a long key.

    In respect of Rapport I'm sure that some Russian hackers are, even as we speak, trying to crack it.
    They will be focussing on the password storage and comparison facility - which can be turned off by the user.
    The passwords stored must be copied somewhere to disc - encrypted. We don't know the method of encryption nor do we know the 'key' length.
    However, given that there is no user (ie external) input into the subsequent decryption of the stored passwords list by Rapport it follows that the "key" or indeed the method of generating it must be held within the program somewhere. So 'all' (!) you need to do is to reverse engineer the program, find out which file stores the passwords and you are away.
    It might be that the generation of the 'key' includes something like the motherboard's serial No (for example) to make the key and hence the encrypted file computer/hardware dependent - however if such a process existed this would again be stored within the program making it accessible.

    In practice I think many viewers and contributors to this board are sufficiently savvy to avoid the pitfalls of obvious phishing scams, use of different passwords etc: and for those people who are aware of all this Rapport probably is of marginal benefit. Most useful is that it presumably has stored within it a list of the raw IP addresses for the protected sites to ensure you really go to that site. This means that any attempt at DNS poisoning at, say, your ISP's DNS server would fail: and which you could do nothing about.
    (The ISP's DNS server converts your "www" address into a numeric IP address so muck about with the conversion and your web page request could end up anywhere)

    But having seen the state of some peoples' computers with various boot up errors, no patching of updates and the same password used for everything one does begin to have sympathy for the banks' position. This is the sector Rapport is aimed at and I suspect the banks will start to get tougher on customers requiring them to install proper security on their computers: else they ain't paying out for fraudulent transactions.
  • evenasus
    evenasus Posts: 11,866 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Trouble is if one has loads of different online accounts as I have, it becomes difficult to remember all the passwords, PINS, memorable info etc, so using a program such as KeePass is useful. Protect everything with a really hard to guess single password.


    I actually use a sentence (no spaces between words) for my KeePass.
    A sentence that would only relate to my household.
  • StevieJ
    StevieJ Posts: 20,174 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    masonic wrote: »
    Taking the above steps, you can guarantee you are only accessing your data from a 'clean' system and the data therefore can't fall into the wrong hands.

    I tried Ubuntu previously that but it wouldn't download so I gave up, I thought it sounded like a great idea. I think I will try again.
    'Just think for a moment what a prospect that is. A single market without barriers visible or invisible giving you direct and unhindered access to the purchasing power of over 300 million of the worlds wealthiest and most prosperous people' Margaret Thatcher
  • masonic
    masonic Posts: 27,169 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    In respect of Rapport I'm sure that some Russian hackers are, even as we speak, trying to crack it.
    They will be focussing on the password storage and comparison facility - which can be turned off by the user.
    The passwords stored must be copied somewhere to disc - encrypted. We don't know the method of encryption nor do we know the 'key' length.
    We can only speculate on how Rapport is doing the password checking, but if it is being done properly, then it would be a hash of the passwords that would be stored and used. Proper use of hashing would make it infeasible to reverse engineer the passwords from the stored data, so it is at least possible that this feature is secure.
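
The approach described in the post above (store a hash, never the password or a decryption key), sketched as an added example; it is not part of the original thread and is not Rapport's actual code. The site names, the PBKDF2 work factor and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def _slow_hash(password, salt):
    # PBKDF2-HMAC-SHA256: deliberately slow, so each offline guess costs real time
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(site, password, store):
    """Record a protected password as (salt, hash); the plaintext is not kept."""
    salt = os.urandom(16)  # fresh random salt per entry defeats precomputed tables
    store[site] = (salt, _slow_hash(password, salt))


def reused_on(typed, current_site, store):
    """Return protected sites whose password equals `typed`, skipping the site
    the user is actually on (typing the password there is legitimate)."""
    hits = []
    for site, (salt, digest) in store.items():
        if site == current_site:
            continue
        # Constant-time comparison avoids leaking how many bytes matched
        if hmac.compare_digest(_slow_hash(typed, salt), digest):
            hits.append(site)
    return hits


def demo():
    # Constructed sample data: two protected sites sharing one password
    store = {}
    enroll("bank.example", "correct horse battery staple", store)
    enroll("cards.example", "correct horse battery staple", store)
    return {
        # Password typed on an unknown site: both protected sites are flagged
        "phish": sorted(reused_on("correct horse battery staple", "login.phish.example", store)),
        # Typed on the bank itself: only the *other* site sharing it is flagged
        "legit": reused_on("correct horse battery staple", "bank.example", store),
        "other": reused_on("unrelated text", "forum.example", store),
        # Same password, different salts: stored records do not reveal the reuse
        "records_differ": store["bank.example"] != store["cards.example"],
    }


if __name__ == "__main__":
    print(demo())
```

No key is embedded anywhere, so there is nothing to recover by reverse engineering the program; a stolen store still permits offline guessing, which is why the work factor and the strength of the password both matter.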
  • masonic
    masonic Posts: 27,169 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    StevieJ wrote: »
    I tried Ubuntu previously that but it wouldn't download so I gave up, I thought it sounded like a great idea. I think I will try again.
    I quite like Parted Magic. Obviously it's designed for repartitioning hard drives, but it includes Google Chrome browser, Truecrypt (so you can create an encrypted file container on a USB stick to store your passwords), and Leafpad text editor (to view the stored passwords - not quite as good as open office, admittedly). It can serve as a 'no-frills' livecd for online banking and it's only an 80MB download.
  • evenasus wrote: »
    I actually use a sentence (no spaces between words) for my KeePass.
    A sentence that would only relate to my household.
    When I said single password I meant one thing to remember rather than a whole host of passwords/codes/pins. I use a phrase, actually a long format date with spaces that only means something to me (no not a birthday!!). Hmm perhaps a sentence would be better though ;)
This discussion has been closed.