Posted on 06/09/2021 6:47:55 AM PDT by ken in texas
Yeah, they’re not getting millions of passwords by hacking millions of personal computers. They’re hacking Yahoo, Apple etc., who so kindly store your passwords for you on their systems.
Yep, a Chromebook.
What do you use, smoke signals?
Also, for some sites we have added two-step verification. After putting in your regular password, they text you a one-time password (OTP) which you enter to finally access the site.
Or an Authenticator app that generates a passcode each time.
Used laptop from eBay with Kubuntu (Linux) installed and firewall in place.
That’s good advice. I use two-step ID for financial, email pw changes, and Amazon.
The key is to get away from the password model and get into the token model. BUT, the token model is a giant pain in the butt.
They'll have to pry my last surviving old Vic-20 out of my hands lol
“the token model”
What’s that? Did you see the other post about the two-factor method?
2 factor generally runs through the token model. So what happens is you go through a login that probably doesn’t even use your password, or if it does that’s only half the login, and then you get a token. That token is only useful on that computer and for a limited amount of time. It’s very secure BUT the setup time to get it going is rough, and on the user side it’s not terribly intuitive, and often involves the user having to install apps on their phone, then you get a bunch of extra headaches when you have to switch phones. But it’s the wave of the future because it greatly limits the use, storage and transmission of passwords.
That is a clever feature. May I ask who the credit card company is?
“doesn’t even use your password”
Got it. How about using the public-private key scheme that’s used for things like sending credit card numbers? I, the user, would create a private/public key pair and send the public key to the service I wanted to access. They’d send me a password encrypted with the public key. I’d decrypt it with the private key that only I had. Then I’d send them the password, which would be usable only that one time.
Just thinking out loud.
I have that one saved.
(I was a certified OS/2 Engineer at one time… There were around 7000 of us.)
I don’t think I’ll be around long enough to ever see Windows multi-task as well as OS/2 did.
~Easy
It’s an AAdvantage card (American Airline miles) through Citibank. Not sure if Citi offers it on all its cards.
Yup. Any system that can send you a copy of your password is fundamentally broken and shouldn't be trusted.
Probably not. Also, I loved REXX
The problem with passwords is like what we’ve got in this story. They get stored somewhere. And if they get stored in plain text, or even encrypted if there’s a large enough quantity of data, they can be stolen. Also they get transmitted from your browser to the server, and if that happens in plain text they can be stolen. And you have to type them in and if somebody got a keystroke logger on your machine they’ve got your password.
That’s the big benefit of the token system, it doesn’t matter if it gets stolen. Since that token is only useful for your machine for about an hour, everybody in the world could get your token, it does them no good.
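The token described in this thread (usable only from one machine, for about an hour) can be sketched as follows. This is an added example, not part of any poster's comment and not any real service's code; the function names, the `device_id` value and the HMAC-signed format are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed: secret held only by the server
TOKEN_LIFETIME = 3600                 # seconds; "about an hour" as in the thread

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def issue_token(user: str, device_id: str, now: int) -> str:
    """Issued once, after the password and second factor have been checked."""
    # device_id is a hypothetical stand-in for however the service
    # recognises the machine the login came from.
    claims = {"sub": user,
              "dev": hashlib.sha256(device_id.encode()).hexdigest(),
              "exp": now + TOKEN_LIFETIME}
    payload = json.dumps(claims, sort_keys=True).encode()
    return b64(payload) + "." + b64(sign(payload))

def verify_token(token: str, device_id: str, now: int) -> str:
    """Return the user name, or raise ValueError naming the reason for refusal."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Constant-time comparison; any edit to the payload breaks the signature.
    if not hmac.compare_digest(sig, sign(payload)):
        raise ValueError("bad signature")
    claims = json.loads(payload)
    if now >= claims["exp"]:
        raise ValueError("expired")
    dev = hashlib.sha256(device_id.encode()).hexdigest()
    if not hmac.compare_digest(dev, claims["dev"]):
        raise ValueError("wrong device")
    return claims["sub"]

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    tok = issue_token("alice", "laptop-1234", t0)
    print(verify_token(tok, "laptop-1234", t0 + 60))  # accepted
    for dev, when in [("laptop-1234", t0 + 3600), ("other-pc", t0 + 60)]:
        try:
            verify_token(tok, dev, when)
        except ValueError as err:
            print("refused:", err)
```

The token carries no password, so a stolen copy gives nothing to reuse on other sites, and the server refuses it once the hour has passed or when it arrives from a machine other than the one it was issued to.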
It's also a good idea to change your passwords at least once a year.