We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Password Tools - Invalidate Banks T's and C's
Comments
-
But how do you know which relates to what? Or perhaps you don't have many entries?
I have about 15 sensitive that I recognise but couldn't remember in full (I access them fairly frequently), I know which is which, I have countless other none sensitive that I keep separate and write down what they are.'Just think for a moment what a prospect that is. A single market without barriers visible or invisible giving you direct and unhindered access to the purchasing power of over 300 million of the worlds wealthiest and most prosperous people' Margaret Thatcher0 -
OK, these days I tend to use completely random passwords, of the maximum length and complexity allowed, there's no way I'd be able to recognise which was which!I have about 15 sensitive that I recognise but couldn't remember in full (I access them fairly frequently), I know which is which, I have countless other none sensitive that I keep separate and write down what they are.Stompa0 -
That's not the only time the data is at risk though.Added layers of security can't protect the data when you unencrypt it to use it and that's when the data is at risk.
Added layers of security can protect your data in cases of,
e.g., your house is burgled and your computer is stolen
or if you keep your passwords on a USB memory stick and lose it0 -
If there is a feasible risk to your data in the event someone gets physical access to it, then it's time to choose a different product or a stronger master password. As I stated above, there is of course a benefit, but it's negligible. AES-256 encryption, which the best tools use, with a sufficiently complex key is computationally infeasible to crack. Adding more encryption on top of that is like adding a third or fourth lock to your front door.That's not the only time the data is at risk though.
Added layers of security can protect your data in cases of,
e.g., your house is burgled and your computer is stolen
or if you keep your passwords on a USB memory stick and lose it0 -
If there is a feasible risk to your data in the event someone gets physical access to it, then it's time to choose a different product or a stronger master password. As I stated above, there is of course a benefit, but it's negligible. AES-256 encryption, which the best tools use, with a sufficiently complex key is computationally infeasible to crack. Adding more encryption on top of that is like adding a third or fourth lock to your front door.
I agree.
I would also suggest using some of the password manager's functionalities to prevent compromises caused by keyloggers and Trojans. My own firewall helps to remove the threat of keyloggers. Even creating a new VM each time to use a password manager is the ultimate security for those willing to take matters to the extreme.0 -
Even creating a new VM each time to use a password manager is the ultimate security for those willing to take matters to the extreme.
not extreme - its easy and worthwhile - have a look at Linux Slax0 -
Here's another example of internal fraud.
http://www.id-theftprotect.com/news.php?news_id=594&news_keyword=barclays
More reason for using password managers.
Warning: I don't endorsed the website and product services. The purpose of the link is to illustrate banks' internal fraud problem.
Regards0 -
I'm not sure how those two statements tie together? Would use of a password manager have prevented this Barclays employee obtaining the customer details? ...and don't Barclays now have some sort of debit card reader that they insist their customers use to log in to online banking?Undisputedtruth wrote: »Here's another example of internal fraud.
http://www.id-theftprotect.com/news.php?news_id=594&news_keyword=barclays
More reason for using password managers.
I also noticed that article was published in September 2008, and the fraud actually took place 5 years earlier, in 2003. Let's hope some lessons were learned back then.0 -
I'm not sure how those two statements tie together? Would use of a password manager have prevented this Barclays employee obtaining the customer details? ...and don't Barclays now have some sort of debit card reader that they insist their customers use to log in to online banking?
No, the use of password managers would not have prevented the fraud mentioned in the article. The point where I argued in another post is that most people tend to use the same password for all their accounts. Therefore, if an internal staff manages to get hold of your password and pass it on to someone else to access your account details held by another bank then I suspect it would make the situation even more difficult for the bank to detect internal fraud. In this event they'll more likely to blame the customer for divulging the password.I also noticed that article was published in September 2008, and the fraud actually took place 5 years earlier, in 2003. Let's hope some lessons were learned back then.
Probably not, banks have always had problems with internal fraud just as retailers have problems with their staff stealing.0 -
Perhaps, although most banks I have dealt with kept internet banking credentials completely separate from the security questions asked by bank staff and made a big point of telling people not to divulge them to anyone, even the bank. The login process at each bank seems to be somewhat unique and inflexible, so it's hard to imagine 'shared password syndrome' striking in this situation - though the people who are likely to be targetted by bank employees would have a lot to lose in the original account.Undisputedtruth wrote: »No, the use of password managers would not have prevented the fraud mentioned in the article. The point where I argued in another post is that most people tend to use the same password for all their accounts. Therefore, if an internal staff manages to get hold of your password and pass it on to someone else to access your account details held by another bank then I suspect it would make the situation even more difficult for the bank to detect internal fraud.
Of course, not knowing your internet banking password means that you can't give it to anyone, which is where I guess a password manager does hold some value.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.8K Mortgages, Homes & Bills
- 177.5K Life & Family
- 258.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards