LaCie reveals year-long security breach at online store

Comments

  • Reply 21 of 36
    wizard69 Posts: 13,377 member
    solipsismx wrote: »
    Is there anyone not using an app like 1Password at this point?

    I use pwSafe myself but either way such an app would be of no help here. They effectively have access to the more valuable information so I doubt the thieves even care about your password.
  • Reply 22 of 36
    wizard69 Posts: 13,377 member
    dreyfus2 wrote: »
    I think this is brilliant marketing. The more people will doubt cloud services, the more hard drives they will buy.

    /s

    I only reluctantly use cloud services. Security is an issue but the bigger problem is the lack of guaranteed access. Probably the third big issue is the bandwidth usage which sucks, especially for mobile devices. This by the way is why I'm holding out for a real capacity bump in the new iOS devices this year.
  • Reply 23 of 36
    solipsismx Posts: 19,566 member
    lkrupp wrote: »
    I mean EXACTLY that! Every single day we read about yet another security breach allowing our user id’s and passwords to be stolen. From Target to LaCie, to the Schnuck’s grocery store chain in St. Louis, to the Heartbleed bug it has become perfectly clear that using strong passwords is USELESS if they can be stolen at will from websites or company servers. If some bad guy empties out my bank account I’ll just sue the pants off the bank. Everybody does it, everybody expects the retailer or bank or whatever to make them whole again. The bad guys are filing fraudulent income tax returns using someone else’s SS number and raking in their refunds. The IRS is too understaffed to do much about it. The bad guys are creating fraudulent SS accounts and redirecting the deposits to their own bank accounts. Crime on the Internet is all over the place, unstoppable, pandemic. So what’s the use? I’ll just make YOU pay higher prices to get my funds back. Oh, and the legal system favors the criminal anyway. The guy who steals my identity gets a couple of months... or more likely probation. 

    I say this out of complete frustration with the online universe we have created. I’ve had it and I don’t care any more.

    "The "customer" should not be off the hook if they willfully make foolish decisions that resulted in their identities and money being stolen. Thankfully most sites don’t allow easily guessed passwords to be used."

    But they ARE off the hook. They DO get their funds restored. And if I leave my front door unlocked the insurance company still pays and YOU get higher premiums to offset the loss. Har, har, what a racket.

    1) The two-step authentication requires an authenticated device be used to retrieve a PIN to access from another device.

    2) Sure, security issues happen constantly but the solution isn't to be even lazier in your efforts. If someone breaks into my AI account they don't know anything about me. They have an email address, username and password, only two of which are used elsewhere and only on other forums. They'd have to hack and monitor many sites and grab IP data which they can then use to figure out my identity. Facebook is another story because that data is personal data but of my 3 accounts each use different data sets, which include emails and, of course, unique 50 character passwords, and completely private. Is it foolproof? Of course not, but making the password 123456 and then using that for all sites is just dumb. At least most sites at least protect you by not allowing you to have such weak passwords.

    3) You say the IRS is understaffed and identity theft isn't punished harshly enough but your solution is to do nothing to protect yourself? :???:

    4) The legal system favours criminals? Why would you even write that? :no:

    5) No, you're not off the hook. If your credit is ruined because of someone else you have to go through a lot of work to get that resolved and even then it's likely going to cost you money and take a lot of time to fix your credit. If you choose not to do a modicum of effort to educate and protect yourself then you're likely going to be victimized before someone that does use a postal box for all their mail, shreds all documents with their name on it before trashing them, uses a credit monitoring service, uses complex and unique passwords, uses random recovery pass phrases, uses email aliases to set up spam watch lists, and uses two-step authentication when offered, and keeps all their files on encrypted drives. It doesn't mean I can't be victimized but the difficulty compared to you and your everything 123456 password is staggering.
  • Reply 24 of 36
    solipsismx Posts: 19,566 member
    wizard69 wrote: »
    I use pwSafe myself but either way such an app would be of no help here. They effectively have access to the more valuable information so I doubt the thieves even care about your password.

    If the username and password is used at another site where more personal data including additional credit and debit cards are stored then it could be useful. For instance, what if you use the same at Geico insurance. They could then have automobile info. Or what about using that same username and password to get to a common site for mortgage or student loans. Mine all keep the bank's routing and account numbers and account type available for anyone to see that can log into my account. I'd like to limit this access as much as possible. Let the slowest of the herd be more likely to get taken down.
  • Reply 25 of 36
    lkrupp Posts: 10,557 member
    Quote:

    Originally Posted by SolipsismX

    1) The two-step authentication requires an authenticated device be used to retrieve a PIN to access from another device.

    2) Sure, security issues happen constantly but the solution isn't to be even lazier in your efforts. If someone breaks into my AI account they don't know anything about me. They have an email address, username and password, only two of which are used elsewhere and only on other forums. They'd have to hack and monitor many sites and grab IP data which they can then use to figure out my identity. Facebook is another story because that data is personal data but of my 3 accounts each use different data sets, which include emails and, of course, unique 50 character passwords, and completely private. Is it foolproof? Of course not, but making the password 123456 and then using that for all sites is just dumb. At least most sites at least protect you by not allowing you to have such weak passwords.

    3) You say the IRS is understaffed and identity theft isn't punished harshly enough but your solution is to do nothing to protect yourself?

    4) The legal system favours criminals? Why would you even write that?

    5) No, you're not off the hook. If your credit is ruined because of someone else you have to go through a lot of work to get that resolved and even then it's likely going to cost you money and take a lot of time to fix your credit. If you choose not to do a modicum of effort to educate and protect yourself then you're likely going to be victimized before someone that does use a postal box for all their mail, shreds all documents with their name on it before trashing them, uses a credit monitoring service, uses complex and unique passwords, uses random recovery pass phrases, uses email aliases to set up spam watch lists, and uses two-step authentication when offered, and keeps all their files on encrypted drives. It doesn't mean I can't be victimized but the difficulty compared to you and your everything 123456 password is staggering.

    You don’t get it do you.
  • Reply 26 of 36
    solipsismx Posts: 19,566 member
    lkrupp wrote: »
    You don’t get it do you.

    I sincerely wish you the best of luck because that's truly your only defense at this point.
  • Reply 27 of 36
    jlandd Posts: 873 member
    Quote:

    Originally Posted by lkrupp

    I mean EXACTLY that! Every single day we read about yet another security breach allowing our user id’s and passwords to be stolen. From Target to LaCie, to the Schnuck’s grocery store chain in St. Louis, to the Heartbleed bug it has become perfectly clear that using strong passwords is USELESS if they can be stolen at will from websites or company servers.

    This is my attitude as well, although I have decent passwords where they count. Personal info is very rarely stolen by anything figuring out one's password, either by sequential attack or by guessing what the user might use. It's nearly entirely done these days by getting into the vendor's files or grabbing it during a period of insecure passage, rendering 5ewE909iHts09uQi no more secure than mollyb32

    IMHO, there's practically no point in having uber unguessable passwords for anything if that's not where the breach is.
  • Reply 28 of 36
    Quote:

    Originally Posted by Apple ][

    Me. I just haven't gotten around to it yet I guess.

    The passwords that I choose are extremely secure though. They're long, they use all sorts of strange characters, numbers and capital/small letters when possible, and they're not going to be guessed by any dictionary. I just keep track of them manually. It doesn't really bother me doing it that way, because I'm used to it and have been doing that for years, but I guess that I might eventually get a password manager one day.

    I actually went and changed many of them last week, after I read about some huge security breach affecting certain sites.

    Why not just use Apple's built-in password generator in Safari?
  • Reply 29 of 36
    Quote:

    Originally Posted by SolipsismX

    Interesting. Do you have unique passwords for everything? If so, how do you manage all of them? I have 294 items in 1Password. 260 of them are internet logins. Each of these have unique passwords. After Apple's Go To Fail bug was resolved I changed all of them. With this recent OpenSSL bug I changed all the ones of sites I knew were affected and resolved. I have 8 Google accounts, 3 iCloud accounts, 2 Dropbox accounts, and about 10 accounts for various financial institutions.

    Except for the financial institutions — which are oddly stingy about password length and special characters — Google, iCloud and Dropbox all use 50 character alphanumerics with special characters that I could never remember. On top of that my select questions all have answers that are random strings thereby preventing social hacking techniques. I was able to systematically change them over time and keep track of which ones I changed with their Smart Folder feature so I could 1) see which had a date modified older than a particular date and 2) which ones had a note field that wasn't blank (which is where I store that info). Took some time but a couple a day only takes a moment and soon enough potential threats are isolated to a particular site.

    I can't imagine that being done well without a password manager which, among its well known features, also has a security audit feature which 1) tells me which passwords are weak (not an issue for me), 2) informs me which passwords are duplicate (also no longer an issue for me), and 3) which passwords haven't been changed in awhile (6-12 months, 1-3 years, 3+ years).

    1) Sure, nothing is foolproof but I fear more about having some website's servers hacked with my username and password from that site being tested on others than I am from someone stealing my MBP, getting past VileFault2 on said MBP, and then being able to get into my 1Password database that is protected by 256-AES encryption.

    2) What security breach has directly affected 1Password?

    iCloud wasn't affected.
  • Reply 30 of 36
    dysamoria Posts: 3,430 member
    jlandd wrote: »
    This is my attitude as well, although I have decent passwords where they count. Personal info is very rarely stolen by anything figuring out one's password, either by sequential attack or by guessing what the user might use. It's nearly entirely done these days by getting into the vendor's files or grabbing it during a period of insecure passage, rendering 5ewE909iHts09uQi no more secure than mollyb32

     IMHO, there's practically no point in having uber unguessable passwords for anything if that's not where the breach is.

    And this is exactly it. The user isn't to blame in most of these cases we see in the media, yet, in true capitalist pass-the-buck fashion, the consumers are given the responsibility for maintaining INHUMAN password demands.

    Even if your data is entirely inaccessible to you because you've secured it against yourself and social engineering, it still is stolen. So why are WE letting them put the responsibility on US? I'll tell you why: the tech world THRIVES on blaming the users for all of its shortcomings! That's why computers have remained in profitability. If people believed the computing tech and the companies presenting it were the real at fault party, there would have been a massive crackdown by now. But the conditioning is quite solid.

    "All software has bugs"
    http://angryartboy.blogspot.com/2012/08/still-no-accountability-in-computer.html?m=1

    "Your data isn't secured unless YOU [can't access it yourself]"
    http://angryartboy.blogspot.com/2012/10/accessibility-not-just-for-people-with.html

    "RTFM!"
    http://angryartboy.blogspot.com/2011/02/good-manuals-matter.html

    "Users are idiots"... and so on!!

    This industry relies on tech geeks maintaining the status quo in assuming that this is how it always was, always will be, and SHOULD BE. I, for one former tech geek, have stood up and said NO. I'm not contributing to the propaganda. It might not be conspiracy or intent, but it is definitely propaganda.
  • Reply 31 of 36
    solipsismx Posts: 19,566 member
    dysamoria wrote: »
    So why are WE letting them put the responsibility on US?

    Your comment is the same as saying, "It's not my fault he was driving drunk when he sideswiped me so why is it my responsibility to wear a seatbelt?" If you don't want to protect your valuables that's your choice but I hope you're not going to act like a hypocrite and say "Why does this stuff always happen to me?" if your valuables are easily stolen and used by others. It's like choosing to not lock your car when you leave it unattended or keeping your house key under a potted plant or mat by your front door. It's not your fault that someone stole your belongings but it's your fault for choosing to make it easy to have your valuables stolen. I just hope you all don't have kids you're endangering by choosing to ignore even basic safeguards.


    PS: I'm still waiting for your link to an article showing a 1Password security breach that would affect my DB.
  • Reply 32 of 36
    Quote:

    Originally Posted by SolipsismX

    Your comment is the same as saying, "It's not my fault he was driving drunk when he sideswiped me so why is it my responsibility to wear a seatbelt?" If you don't want to protect your valuables that's your choice but I hope you're not going to act like a hypocrite and say "Why does this stuff always happen to me?" if your valuables are easily stolen and used by others. It's like choosing to not lock your car when you leave it unattended or keeping your house key under a potted plant or mat by your front door. It's not your fault that someone stole your belongings but it's your fault for choosing to make it easy to have your valuables stolen. I just hope you all don't have kids you're endangering by choosing to ignore even basic safeguards.

    PS: I'm still waiting for your link to an article showing a 1Password security breach that would affect my DB.

    I disagree with that reasoning. There was a time when people freely left their doors unlocked. Morals are morals no matter how immoral the age in which we live.
  • Reply 33 of 36
    solipsismx Posts: 19,566 member
    I disagree with that reasoning. There was a time when people freely left their doors unlocked. Morals are morals no matter how immoral the age in which we live.

    1) What does that have to do with people taking basic measures to protect themselves?

    2) The times in which people left their homes (and cars) unlocked were in smaller societies where everyone knew each other. It had nothing to do with a shift in morals, but rather a shift in scale.
  • Reply 34 of 36
    Quote:

    Originally Posted by SolipsismX

    1) What does that have to do with people taking basic measures to protect themselves?

    2) The times in which people left their homes (and cars) unlocked were in smaller societies where everyone knew each other. It had nothing to do with a shift in morals, but rather a shift in scale.

    I was referring to your implication of fault. I think that's incorrect - it may be naive, for sure, but I wouldn't say fault. Subtle difference.

    Your second point is not true. When my sister lived in Dubai, she never locked her jeep in the middle of town, like everyone else. Nothing to do with how many people you knew. And that was just a few years ago. It used to be the case that you didn't need to lock your front door. Everything to do with morals, nothing to do with scale.
  • Reply 35 of 36
    solipsismx Posts: 19,566 member
    I was referring to your implication of fault. I think that's incorrect - it may be naive, for sure, but I wouldn't say fault. Subtle difference.

    What is wrong with saying people have a responsibility to protect themselves? I clearly stated that being attacked or robbed is not their fault but to say you bear no blame from purposely putting yourself in harm's way is just passing the buck. I'm getting sick of people not taking any personal responsibility for what transpires in their lives.

    Louis Pasteur's "Chance favors the prepared" fits well here.

    I knew someone that got pulled over for having an expired license plate. He also had a suspended license from not paying a speeding ticket and he didn't have insurance. He only saw it as bad luck that he got arrested because he wasn't speeding that day and "it's not his fault that cop happened to just get behind him on that day and run his plate". He didn't see how he set himself up for failure.

    Your second point is not true. When my sister lived in Dubai, she never locked her jeep in the middle of town, like everyone else. Nothing to do with how many people you knew. And that was just a few years ago. It used to be the case that you didn't need to lock your front door. Everything to do with morals, nothing to do with scale.

    It's absolutely true. A single anecdote from one person in one location does not mean that scale has no effect on security.
  • Reply 36 of 36
    jlandd Posts: 873 member

    LaCie's willingness years ago to keep shipping bad drive power supplies long after it was clear there was a problem there painted them to me as a company who would stick their head in the sand and hope a problem would blow over soon because it's too much effort and expense to properly attend to in the most timely fashion. I'm not surprised by the calendar of events with this issue and have little faith in how they respond to anything.