Warning about trojans - especially if you are a Yorkshire Bank customer!

jonnyb

Andy Striker - I use egg moneymanager for all my banking log-ins. It stores the passwords for each of my bank or credit card log-ins in a secure file, then enters them for me when I sign in to egg money manager.
The passwords don't get typed, so keyloggers won't work. And so far - severl years - it has proved secure for me.
It's similar to, but easier and safer than, your Word method, so I would recommend it.

agsnu

Andystriker wrote: »

Forgot to mention,

The passwords on my memory stick in Word are password protected. In other words to get to the Word Document holding the passwords I have to type another password in to open Word. (If that makes sense)

So if the memory stick was ever stolen from my home then the thief would need the password to open word.

Word is not designed for storing secret information, and as such I wouldn't rely on it being secure.

td_007

Andystriker wrote: »

Forgot to mention,

The passwords on my memory stick in Word are password protected. In other words to get to the Word Document holding the passwords I have to type another password in to open Word. (If that makes sense)

So if the memory stick was ever stolen from my home then the thief would need the password to open word.

Password protecting Word docs just gives rudimentary security.

However, when talking trojans, you are just not talking about keyloggers but also programs that capture screen shots. With the later irrespective of how well password protected your files are, once it is open to view on your screen, the screen can be captured and transmitted.

Andystriker

So,

If we can't type the password in because of Keyloggers,

We can't use copy and paste because of trojans/programs that capture screen shots.

What, in everyone's opinion, is the safest way to do this? I can burn my memory stick but then Kavanne says don't write passwords down, it's less secure.

I have about 6 different banks/building societies where I use internet banking. All different passwords, I could not remember them all. Even my password to this forum is different.

How do other posters try and keep their login details secure while protecting themselves from these trojans?

Andy

td_007

It goes without saying that key is making sure that the computer is well protected with a a properly configured firewall, an up-to-date virus/malware/spyware scanner, avoid automatic running of scripts etc, and indeed be absolute sure of the links that you click on, files that are downloaed and the websites visited.

For the super-cautious:
- get another computer that is not connected to the internet for all your private work because at the end of the day if the computer is not connected to the internet no data can be transmitted
- use a password storage program with good security features including having the capability to auto-fill in fields and which can be used on a usb stick
- using this usb stick and auto-fill in feature (that will not show the passwords on screen) you can log in to your account from a computer connected to the internet. Since some logins require only certain characters rather than the entire password you will have to type them in or select them on-screen. Unfortunately you cannot avoid this.
- again using a usb stick on different computers has the risk of virus/trojan transfers which has to be managed

Overall, with adequate care and attention it is quite easy to keep a "clean" computer and efficiently use functionalities of the internet.

masonic

td_007 wrote: »

Password protecting Word docs just gives rudimentary security.

Word 2007 uses 128 bit AES encryption as standard. I think that's somewhat more than rudimentary security, assuming a strong password is used.

td_007

masonic wrote: »

Word 2007 uses 128 bit AES encryption as standard. I think that's somewhat more than rudimentary security, assuming a strong password is used.

Sure...wonder though how many personal machines are running Word 2007?

masonic

Andystriker wrote: »

What, in everyone's opinion, is the safest way to do this? I can burn my memory stick but then Kavanne says don't write passwords down, it's less secure.

I have about 6 different banks/building societies where I use internet banking. All different passwords, I could not remember them all. Even my password to this forum is different.

How do other posters try and keep their login details secure while protecting themselves from these trojans?

Andy

If you want to be ultra-safe, boot the system from a linux live CD/DVD. That way you can be sure nothing nasty is running on the system when you do your online banking. Of course, that makes it difficult to store the passwords electronically (in an encrypted form), which means you have to either (a) remember them, (b) be able to derive them from something you can remember, or (c) keep some sort of written prompt to enable you to remember them.

(a) is something you are unable to do and (c) is a bit risky if the written record might ever be accessible by anyone else. An example of (b) is to memorise one very strong password, which you use as a sort of 'master password' and then whenever you need a password for a new site, generate it by choosing a 'memorable' password relevant to that site and then mix in parts of the master password, thereby creating different passwords for each site that you can remember (or at least work out in your head without the need to write them down). This is obviously not as good as remembering a load of unrelated passwords, but it is safer than recording them somewhere.

456789

BarclaysManager wrote: »

Or, you know, buy a Mac.

Macs can get viruses/trojans aswell

Andystriker

I use AVG and Spybot Search & Destroy and run scans weekly.

If any of us were attacked by these trojans and they were successful in emptying our accounts with keylogging or Copy screenprints who would take the final loss?

Would the bank/building society stand the loss or would we customers lose the money.

In my case we are talking my life savings, so this is serious.

Andy