Jump to content
N-Europe

Recommended Posts

Posted

With the recent ebay hacks, kickstarter, playstation a few years ago it's becoming increasingly obvious that passwords are not fit for purpose. At this point I feel like if someone wants to get them they will. So what viable alternatives do we have today to protect our shit.

Posted

2-Step Verification.

 

An app on your phone which gives you a changing code (like those bank key things) that you need to access your Google account. You also get a list of codes that you can print and put in a safe place in case you can't access your phone.

Posted
An app on your phone which gives you a changing code (like those bank key things)

 

Which is a fucking ballache when I have one password to remember as well as having to remember a second password to generate a third.

Posted
Which is a fucking ballache when I have one password to remember as well as having to remember a second password to generate a third.

 

I was thinking it would be every time you need to access something, unless it's from a "saved" access point (aka a PC, Mac, tablet etc) then it would generate a code that would be sent to your phone. This would be required to access said services.

 

You'd only need to remember the one password, never the code.

 

Google's 2-step service is probably the next stage in all verification.

Posted

Everyone should use 2 step verification where it's available. It's not really an alternative to passwords since it uses both but it's super secure.

 

Google have added a way to log you into a ChromeOS device just by having your phone nearby, but I'm not sure if I like that "solution".

Posted
I was thinking it would be every time you need to access something, unless it's from a "saved" access point (aka a PC, Mac, tablet etc) then it would generate a code that would be sent to your phone. This would be required to access said services.

 

You'd only need to remember the one password, never the code.

You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:

Enter my unique bank thing.

Enter my password question.

[Enter the password on my Smart Key to get another number]

Enter the new number given.

Finally - Access.

 

To give this a bit more context:

Enter my unique bank thing: AB1234567890

Enter my password question: JIMBOBSWALLOWS

[Enter the password on my Smart Key to get another number] 1234 - Given 123 456

Enter the new number given [123 456]

 

It's a bit of a shit when all I wanna do is check my balance.

Posted
You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:

Enter my unique bank thing.

Enter my password question.

[Enter the password on my Smart Key to get another number]

Enter the new number given.

Finally - Access.

 

To give this a bit more context:

Enter my unique bank thing: AB1234567890

Enter my password question: JIMBOBSWALLOWS

[Enter the password on my Smart Key to get another number] 1234 - Given 123 456

Enter the new number given [123 456]

 

It's a bit of a shit when all I wanna do is check my balance.

 

Yeah, i can see that issue. Online banking has so many passwords and codes to be able to access it, i take it you are with HSBC the same as myself?

 

Have to remember the online ID number, then the password to the question. Then a 3rd code to access that smart thing to give you a 6 digit code. Kind of a chore to access, but it is secure (of which you don't think it is when you forget one code and find it impossible to access otherwise)

Posted
You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:

 

The Google thing works like this

 

- Enter username/password

- Unlock phone

- Open App

- Enter code.

Posted
You'd think so. But to get the third no-need-to-memorise-because-it-keeps-changing code you need to have a second code. So to get to my online banking, I have to do the following:

Enter my unique bank thing.

Enter my password question.

[Enter the password on my Smart Key to get another number]

Enter the new number given.

Finally - Access.

 

To give this a bit more context:

Enter my unique bank thing: AB1234567890

Enter my password question: JIMBOBSWALLOWS

[Enter the password on my Smart Key to get another number] 1234 - Given 123 456

Enter the new number given [123 456]

 

It's a bit of a shit when all I wanna do is check my balance.

 

The Bank of Scotland app, which is fantastic, asks you for:

 

Your password, it's then stored if you want

3 letters from your security code

 

Very quick just to log on. I assume that ify ou get the 3 letters wrong a few times then it will lock you out.

 

 

Logging onto work remotely I need my username/password as usual. 4 digit security number for the RSA Secure ID app, then the unique key it generates.

 

Google's 2-Step verification is great because the app is linked to your account so need for a password to get into the app.

 

2-step verification is the way forward as it is so much more secure. You can set different phone numbers up if you don't have access to your mobile.

Posted (edited)

I like what PayPal do. Logging in requires me to send an SMS message to my phone with a code. Only with that code will the login work.

 

Santander also requires a password and then a second password to access online banking.

 

Blizzard don't do too badly with their authenticators either. The issue is having this kind of service for everything would be a nightmare.

Edited by Guy
Posted

My bloooooooooooood.

 

Or...hmm. I'm not sure. The problem lies surely in that whatever method you use the 'server side' has to store something for the verification by yourself? I don't yet understand(nor in the state to) the whole 2-step verification thing, but I'd say it's difficult to separate whatever you're using to access unless it's a hardware/similar specific thing?

 

Internet banking wise, mine asks for an id number, then a memorable piece of data, then 3 placed characters from a bigger pass phrase - I've always liked this idea on the back of bruteforce hackers and keyloggers(the placed characters are clicked rather than typed) - but again it does little to nothing if the hack is done 'server side'.

Posted
I like what PayPal do. Logging in requires me to send an SMS message to my phone with a code. Only with that code will the login work.

 

Santander also requires a password and then a second password to access online banking.

 

Blizzard don't do too badly with their authenticators either. The issue is having this kind of service for everything would be a nightmare.

 

A nightmare yes I'd rather have my data secure though.

×
×
  • Create New...