A New Age (eh?)

oldperro

Sorry PC...
Judging by your other posts I think I got you wrong as just a wimp.
Seems your just a Banker's lackey.

Oh well, you'll be able to crawl right up and lick the TV screen tonight when your heros appear on the news to try to answer questions on The Great ISA Ripoff.

So there's something to look forward to!

samizdat

By the way, oldperro, "upgrading" a non-photo driver's license to a photocard license can be done free of charge if you are doing it as part of a change of address notification.

No offence but you sound like the type of person who has probably not moved house for thirty or forty years but maybe you could give your abode a new name, e.g. "Old Perro House" or such like.

It is true that by switching to a photocard license, you may have to pay to renew your photo in ten years' time but as things currently stand you would not have to pay because those over 70 can do this free of charge. Clearly, the rules may change.

oldperro

samizdat wrote: »

No offence but you sound like the type of person who has probably not moved house for thirty or forty years

..and certainly no offence taken, Samizdat!

Thank you for considering my predicament and suggesting the best solution.

Actually, I had been thinking after dunstonh's post....this is probably not going to be a one-off problem and it seems to be the way the world is moving now, hence my heading "A New Age".

So I reckon I might as well get the forms and apply for a new style driver's license as I will no doubt need it in the future.

"Don't Fight The MACHINE"...LOL!!

Thanks to all the helpful folk here!

redlady_1

Dont worry, I have just had a complete fit at NS & I on the basis that they will no longer accept just my password as ID to transfer money but I now have to answer 5 randomly generated questions. These questions were set by themselves and include nephews names (I am an only child), time my first child was born (I dont have any) etc etc and because I dont have any of those details I was unable to transfer some money, despite having the password! So then I wanted to close the account. No, they couldnt do this unless I provided them with the above information. So, from that moment on everyone was called Fred. They couldnt close the account without a phone number so I made that up too. And now my account has been closed with false information!

samizdat

redlady_1 wrote: »

These questions were set by themselves and include nephews names (I am an only child), time my first child was born (I dont have any) etc etc and because I dont have any of those details I was unable to transfer some money, despite having the password! [Snip...] So, from that moment on everyone was called Fred. They couldnt close the account without a phone number so I made that up too. And now my account has been closed with false information!

As a matter of fact, best security practice dictates that one should always answer such questions with false, and indeed improbable, answers.

For example:

Favourite pet's name?
Answer: @8i1,/.+u75J~`Q

To operate like this, it is essential to use a good password manager. I recommend Keepass, which I use on both Windows and Linux machines. Keepass comes in two versions. The newer version (version 2) is written in .NET but it will run happily on Linux if you install mono (>some version).

Batchy

samizdat wrote: »

As a matter of fact, best security practice dictates that one should always answer such questions with false, and indeed improbable, answers.

For example:

Favourite pet's name?
Answer: @8i1,/.+u75J~`Q

To operate like this, it is essential to use a good password manager. I recommend Keepass, which I use on both Windows and Linux machines. Keepass comes in two versions. The newer version (version 2) is written in .NET but it will run happily on Linux if you install mono (>some version).

Personally think the idea of having all passwords in one place a daft idea, the next thing they will be doing is hacking into these things...

oldperro

samizdat wrote: »

For example:

Favourite pet's name?
Answer: @8i1,/.+u75J~`Q

That actually IS my dog's name! How did you know?

samizdat

Batchy wrote: »

Personally think the idea of having all passwords in one place a daft idea, the next thing they will be doing is hacking into these things...

Well, there is some truth in that. However, you can mitigate the risks by segregating your passwords into separate databases, so that there is no single point of failure to unlock all your secrets.

Also, if you back up these databases, as you should, it is likely that you will at least have a permanent record of all the relationships you do have for which you need passwords. You can then contact those institutions to alert them if you notice that your security has been compromised.

Keylogging is the greatest threat. You can mitigate this by using only trusted computer platforms to access your databases. You could, for example, use a dedicated machine with no access to the internet, no removable media, an operating system stored in Read Only Memory, an encrypted hard disk (with password not written down or stored anywhere except your head) etc.

Otherwise, Keepass does have the ability to lock its databases based on the presence of a local signature file, which you could carry on a USB key, which would thwart an attacker with possession of both the database and the password.

Ultimately, there is no such thing as perfect security and it becomes a question of how to manage things as effectively as possible. A password manager, used carefully, can be a good solution.

samizdat

oldperro wrote: »

That actually IS my dog's name! How did you know?

How do you pronounce it?

Batchy

samizdat wrote: »

Well, there is some truth in that. However, you can mitigate the risks by segregating your passwords into separate databases, so that there is no single point of failure to unlock all your secrets.

Also, if you back up these databases, as you should, it is likely that you will at least have a permanent record of all the relationships you do have for which you need passwords. You can then contact those institutions to alert them if you notice that your security has been compromised.

Keylogging is the greatest threat. You can mitigate this by using only trusted computer platforms to access your databases. You could, for example, use a dedicated machine with no access to the internet, no removable media, an operating system stored in Read Only Memory, an encrypted hard disk (with password not written down or stored anywhere except your head) etc.

Otherwise, Keepass does have the ability to lock its databases based on the presence of a local signature file, which you could carry on a USB key, which would thwart an attacker with possession of both the database and the password.

Ultimately, there is no such thing as perfect security and it becomes a question of how to manage things as effectively as possible. A password manager, used carefully, can be a good solution.

I agree with the above.

I think the best scenario, is a password that changes each time.

Ie, at work we have a VPN, used with a familiar password and 6 digit RSA generated code that changes every minute or 30 seconds, if every individual had one, and one only, then only with that, and then knowledge of the passwords should you be able to access secure area's.

IMO, that works well. Similar to the pinsentry from Barclays.

Annoying if you haven't got it with you, but still fairly secure.