Scutts   10 #13 Posted April 2, 2017 Because the answers to the questions they ask are usually fairly easy to find out.  The lesson really is not to blabb about your whole life online then.  Nobody knows the name of my first pet because it was 40 years ago and I've had no inclination or reason to tell the whole world... Share this post Link to post Share on other sites Share this content via...
Jomie   30 #14 Posted April 2, 2017 Useful advice here: A financial hacker shows the simple mistakes we make every day. Share this post Link to post Share on other sites Share this content via...
altus   540 #15 Posted April 2, 2017 The lesson really is not to blabb about your whole life online then. Nobody knows the name of my first pet because it was 40 years ago and I've had no inclination or reason to tell the whole world... The problem is that relies on everyone else who knows the information not blabbing as well. e.g. Someone only has to mention that someone else is your uncle and that's your mother's maiden name identified.  It's best to give nonsensical answers to the questions. Share this post Link to post Share on other sites Share this content via...
Obelix   11 #16 Posted April 3, 2017 (edited) I always thought Keepass was the best one but a couple of sites are recommending Lastpass 4.0 (which has a free and a paid for version) as the best one out there. http://uk.pcmag.com/password-managers-products/39332/guide/the-best-free-password-managers-of-2017  http://www.techradar.com/news/software/applications/the-best-password-manager-1325845  http://lifehacker.com/5944969/which-password-manager-is-the-most-secure  No excuses.....  http://www.pcworld.com/article/2936621/the-lastpass-security-breach-what-you-need-to-know-do-and-watch-out-for.html  http://www.pcworld.com/article/227268/lastpass_ceo_exclusive_interview.html  Keepass is entirely offline if you want it to be, hence I use it. Edited April 3, 2017 by Obelix Share this post Link to post Share on other sites Share this content via...
sgtkate   10 #17 Posted April 3, 2017 Do you use your credit card online? Verfied by Visa and Mastercard SecureCode only require your date of birth in addition to the details on your credit card to reset your password! A more thorough examination of how bad they are can be found in this PDF:- Verified by Visa and MasterCard SecureCode: How Not to Design Authentication.  Yes I do, but the point is that if someone clones my card then a shop has none of that extra security. You could carry cash but if you get robbed it's all gone. You could use paypal but then someone could steal your password.  Nothing online or on the high street is 100% safe, it's about making the right decisions of risk vs reward. This is my day job, this is what I do albeit not for online security but for other things. Analysing digital risk and choosing the best way to defend against those risks without making our systems impossible to use is most of what I spend my time doing. As well as arguing the toss with people on here!  ---------- Post added 03-04-2017 at 10:00 ----------  The lesson really is not to blabb about your whole life online then. Nobody knows the name of my first pet because it was 40 years ago and I've had no inclination or reason to tell the whole world...  That info is probably fine, but seems pointless to me when you can just make something up anyway. But your mother's maiden name? Not hard to find out if I had your name. Same as many other things like first school, favourite sports team and so on.  Have you heard of social engineering? It's where someone tries to find out enough about you to be able to either hack you or pretend to be you to get credit cards or loans. There was a great experiment done in a train station where people posed as researchers from a local university and stopped and asked commuters about their day. Things like, where are you commuting from and to? Do you have a long walk once you leave the station? What size company do you work for? Does your wife/husband partner commute too? What about kids? Have you moved to this area or were you born here? All seem innocuous, but nearly everyone will say their partners name, where they grew up, their kids names and so on yet they aren't asked for those details at all, just clever questioning. Now that interviewer asks for your email address so they can send through follow up questions and nearly everyone gives it...you've just given everything a stranger needs to start taking out credit in your name or hack into your accounts.  ---------- Post added 03-04-2017 at 10:01 ----------  No excuses..... http://www.pcworld.com/article/2936621/the-lastpass-security-breach-what-you-need-to-know-do-and-watch-out-for.html  http://www.pcworld.com/article/227268/lastpass_ceo_exclusive_interview.html  Keepass is entirely offline if you want it to be, hence I use it.  Yeah, I really need to migrate over. It's been on my to-do list for ages and not got around to it. We use Keepass for password management at work so I do rate it. Share this post Link to post Share on other sites Share this content via...
Goooooogle   10 #18 Posted April 3, 2017 All good advice in this thread.  I would add , turn on two factor authentication wherever available.  https://twofactorauth.org/  https://www.turnon2fa.com/  (personally I use lastpass and keepass) Share this post Link to post Share on other sites Share this content via...
