SUBSIM Radio Room Forums


Rockstar 03-26-21 09:19 AM

Password Strength
 
An eye opener how fast people crack open your bank account.

https://www.youtube.com/watch?v=7U-RbOKanYs

August 03-26-21 10:23 AM

Why I won't let my bank set up an online account.

Rockstar 03-26-21 11:00 AM

I do, but I don't use words found in any dictionary. Just random use of no less than a combination of 12 (more the better) letters, special characters and numbers with a 2FA or two step verification. If your credit/debit cards get compromised it's usually because people just aren't paying attention or save them in an online retailer provided wallet. Rather than attack individuals, hackers will hack through a retailer's security to get your and a lot of others' information. I also shop online but never save credit card numbers as retailers try to convince us 'for your convenience'.


Should add too, my bank allows me to freeze and unfreeze my card between use. I also set up alerts and receive a text every time a card is used for a purchase by me or anyone, very convenient. That and I only browse using HTTPS only mode helps too.

Moonlight 03-26-21 12:55 PM

Quote:

Originally Posted by August (Post 2738812)
Why I won't let my bank set up an online account.

Me too, :up: here in the UK we have what's called telephone banking, it's what I use to transfer funds from one account to another, it's voice activated as well if you want to use that option.

Eichhörnchen 03-26-21 12:57 PM

I don't have enough money to be worried about any of this :salute: But just keep your hands off my nuts

Jimbuna 03-26-21 02:31 PM

I've crossed swords with a couple of people that used to specialise in this type of thing and it can be quite an eye opening experience.

Skybird 03-27-21 03:53 AM

For sensitive, money-related things, I use randomly chosen combinations of letters, numbers and symbols, not shorter than 20 characters, and 2 way authentication.

With more laidback purposes, I indeed use easy to remember words. Forum accesses for example.

The first I store on usb sticks, I never use any sort of password managers for them and do not save them encrypted or else on hd or online. Paste and copy, after the transaction is done the stick gets disconnected physically and goes back to the safe. System gets a cold start afterwards and browser gets cleaned. I do not allow cookies much and storing of typed in content. I also do such actions only on a second, hardened system running linux. Windows is a lousy choice and keylogs any entry and phones it home to MS and NSA.

I NEVER would do banking via smartphone again, or shopping. My smartphone holds no personal or sensitive data or files whatever.

I keep it simpler with uncritical purposes and very tough and uncomfortable with sensitive purposes.

mapuc 03-27-21 12:34 PM

Here you have four steps when doing online banking.

First you have to add your social security number, secondly a code, which you have chosen. Third you will be given a 4-digit code, and this 4-digit code is equivalent to a 6-digit code.

Markus

em2nought 03-27-21 02:53 PM

I'd like to have an account at a bank that has no internet access. I'd consider it a feature. ...But then have a few bank employees get covid and bam no open bank for the next two months. Not so great for safety deposit box access either.

Rockstar 03-28-21 12:10 PM

I think that in these days if a bank has a computer it can be breached without anyone having to be in the same room, whether it's connected to the internet or not, using passive RF reflector communication.



Find the NSA's ANT Catalog, it's amazing the things they can do! (if you dare, they're watching you) :D


Heck your next door neighbor could conceivably be watching your computer screen in real time using an AirSpy SDR.

mapuc 03-28-21 12:22 PM

In the news some hours ago.

In 2019 there were 1410 reported cases of IT fraud or attempts.

In 2020 there were 19-something reported cases of IT fraud or attempts.

A majority of these IT frauds were against elderly people who have gotten their bank accounts emptied by some fake bank assistant, claiming they are from the bank.

Markus

Rockstar 03-30-21 10:24 AM

https://www.youtube.com/watch?v=1RipwqJG50c

Skybird 03-30-21 04:28 PM

Defence against burglars must be physically robust. Not electronically sexy.



My own flat's safety and safe reflect that. No electronics, but very robust material that cannot be overwhelmed in just 15 minutes or so.



Cameras and lights are overestimated. Professional burglars do not mind, but are prepared and know the reaction times of police in the city sector.



Many people mistake felt security that is not real, with real substantial security. According businesses win good profits with that.

vienna 04-04-21 02:25 AM

Quote:

Originally Posted by Eichhörnchen (Post 2738832)
I don't have enough money to be worried about any of this :salute: But just keep your hands off my nuts


https://i.imgflip.com/1r469o.jpg




<O>

Rockstar 04-04-21 11:02 AM

https://www.youtube.com/watch?v=w3_0x6oaDmI

vienna 04-05-21 05:03 PM

Quote:

Originally Posted by Rockstar (Post 2738817)
I do, but I don't use words found in any dictionary. Just random use of no less than a combination of 12 (more the better) letters, special characters and numbers with a 2FA or two step verification. If your credit/debit cards get compromised it's usually because people just aren't paying attention or save them in an online retailer provided wallet. Rather than attack individuals, hackers will hack through a retailer's security to get your and a lot of others' information. I also shop online but never save credit card numbers as retailers try to convince us 'for your convenience'.


Should add too, my bank allows me to freeze and unfreeze my card between use. I also set up alerts and receive a text every time a card is used for a purchase by me or anyone, very convenient. That and I only browse using HTTPS only mode helps too.


Well, the gist of this thread has suddenly become relevant to me. I subscribe to a service the USPS offers where they email me a scan of any mail they process for my address; I usually use this to decide if I'll bother to go and retrieve my mail from the mailbox or leave it for a bit, sort of 'if it's junk mail, it can wait'; last Friday, the scan showed a piece of junk mail and a letter from the insurer who administers my Medicare/Medi-Cal health insurance coverage; I thought it was just another of the monthly summaries of what was expended by the plan on my behalf, something which does not normally require me to respond in any way, so I left it there in the box; Saturday, the scan showed no new mail, so I also left the box untouched; yesterday night, Sunday, on the way home, I took the mail from my mailbox, but did not open it; today, I opened what I expected to be the usual monthly summary from the insurance company and found out I was being notified there had been a breach of patient records and that my data was part of the breach; the insurance company stated the breach had been a hack of a third-party service they contracted with to provide interface between the various entities involved in my coverage; so far, it seems the extent of the data is minimal and will not necessarily affect me financially; the insurer also stated they had terminated the third-party service (Duh!!) and offered me one year of cyber-security coverage for free for continued monitoring of any of my other accounts; like not a few of the others on this forum, I also have had a dim view of putting out too much info on websites and also have kept any financial dealings down to a very bare minimum (I don't even have credit cards), so I really doubt I am currently at much risk, but the incident does underscore just how tenuous the security of our data really is and how, even though one might have a degree of confidence in the security efforts of the entities we primarily deal with, we really have little to no knowledge of, or control over, the third-party contractor with whom they do business or with whom they contract and allow to access our data...







<O>

Rockstar 04-06-21 07:46 AM

When OPM got hacked I got a free year of cyber security too. Of course that year ended a long time ago and now I'm paying for it. Since then I've had two credit cards compromised. But thanks to instant bank notifications and the ability to freeze the cards until I need them, the thieves got nothing. However I think they must have gotten them by breaking into a major retail data bank rather than my computer.

Passwords are important. The people who hacked your information may not have gotten any passwords to break into and immediately see any of your sensitive data. But they may have seen your name and the length of your password. How far they can go depends on the length and complexity of that password.

Back in the day an 8 character password was considered strong and very effective. Not today though. Today's desktop computers with a good hack program can take an 8 character password with upper and lower case letters and crack it by brute force in less than 9 minutes. Add numbers and special characters to it and it only takes them 2.5 hours to hack.

And DO NOT ever ever use dictionary words in a password no matter how long you make them. Hack programs have and search through every imaginable word and variance: Moon*Rocks or M0-0nRock$*, it doesn't matter. Those kinds of passwords will be brute forced instantly.

Today it is mandatory your password is no less than 12 RANDOM characters. Simply using 12 random upper and lower case letters increases the time to brute force to 123 years (390 quintillion probabilities). Add special characters and numbers to it and you increase the time to hack to over 8,500 years (26 sextillion probabilities).


Tighten up those passwords!


I use five 12 to 16 random character passwords comprised of upper, lower case letters, numbers and special characters. I never save them on my PC and I couldn't remember them if I tried, I have to write them down. So as an additional security measure should anyone find the list, I run them together in one long string. Only thing I have to commit to memory is where the breaks are that separate them and what they go to.
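
The brute-force times quoted in the post above can be reproduced with a short keyspace calculation. This is an added example, not part of the thread: the guess rate of 100 billion per second and the 74-symbol set (including which 12 special characters it contains) are assumptions chosen here because they match the post's figures; the post states neither.

```python
import math
import secrets
import string

# Assumptions (not stated in the thread): an offline attacker making
# 100 billion guesses per second, and a 74-symbol set built from
# letters, digits and 12 special characters picked for this example.
GUESSES_PER_SECOND = 100_000_000_000
LETTERS = string.ascii_letters                    # 52 symbols
FULL = LETTERS + string.digits + "!@#$%^&*-_+="   # 74 symbols
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of this length over this alphabet."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Time to try every candidate; the average hit comes at half this."""
    return keyspace(alphabet_size, length) / rate


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def random_password(length: int = 12, alphabet: str = FULL) -> str:
    """Draw each character from the OS CSPRNG, not the `random` module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for name, alphabet in (("letters only", LETTERS), ("letters+digits+specials", FULL)):
        for length in (8, 12, 16):
            n = len(alphabet)
            print(f"{name:24} len={length:2} {entropy_bits(n, length):6.1f} bits  "
                  f"worst case {humanize(worst_case_seconds(n, length))}")
    print("sample:", random_password())
```

The arithmetic only holds when every character is picked uniformly at random, which is why the generator draws from `secrets`; a password built from words or patterns has a far smaller effective keyspace than its length suggests.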

Rockstar 04-06-21 09:41 AM

I forgot, just a few days ago I submitted a SPAM report. That's another thing you need to watch out for and be careful with a type of hack called Social Engineering. They can be found in emails, message boards or blogs. The hacker posts what looked like everyday spam, a small well written paragraph that made what he was selling look interesting, useful, increasing your curiosity. Made ya want to click on that link to see what it was.


DON'T EVER FALL FOR IT. It could be more than just a spammer trying to sell you something. That link could actually be malicious and lead to a security breach without you ever knowing about it until it's too late.


Instead let the cursor hover over the link to see the entire url first before you click on it. Better yet just ignore it.

Skybird 04-06-21 10:26 AM

Maintain two systems, and never ever mix their content. One simple one with non-Windows and only meant for banking or trusted shopping, very sensible emailing with addresses you never share with just anybody, the other system for surfing, gaming, working, whatever.

I have done so for years.

And never ever have email addresses, emailing, shopping, paying, banking installed on your cellphone. NEVER. Nothing personal on your smartphone. NOTHING except your google account data.

Needless to say: keep your google account empty and tidy, do not use their services requesting you to have GPS and tracking on, personal profiling on, personal data sharing on, cloud computing on, all that beeping, blinking sweet candy-kind of glamour child's play-stuff.

Think of all that as refined white sugar or glucose syrup. It's sweet, it makes many things taste better, it's offered everywhere, all the time, in everything, the temptation is omnipresent. But your health is better off without it. Even more, your health will NEVER EVER benefit from it in any way if you consume it.

Rockstar 04-06-21 11:28 AM

Think about all the links people post on subsim to confirm our bias. Any one of us could instead post a malicious url. Thankfully most of us have enough problems just trying to figure out how to turn our computers on, let alone hacking one.


But start practicing good security habits, keeping things in mind like Skybird suggests: strong passwords, isolated, neat, and tidy systems, VPNs, 2FA. Know what a malicious address might look like and learn to float the cursor over the link to see the complete url before clicking on it.

I'm pretty sure the 5 Eyes Alliance has the means to see everything anyway. But I use protonmail end to end encryption, Norton anti-virus and VPN to give me an even greater illusion of security against everyone else ;)

