SERVICE: LASTPASS’ security check

Monday, December 3, 2012

https://lastpass.com/index.php?securitychallenge=1

The security check ignore how I use LASTPASS.

I keep my old passwords in LASTPASS as well as all non-critical new ones. (No one gets the passwords to my financial accounts. Those I have memorized. If I ever get alzs, I’m in trouble.) So what the security check calls dupes are either iteration of the same account. Not every url is a simple single entry point.

Additionally, there is a need to keep old passwords for restored systems,

Another topic, I have problem is those secondary authentication questions for lost passwords. I NEVER give the correct answers. In fact, I use last pass’ tool generate to create the answers. And they are unique by site. So my favorite book might be “4zm7#ut47″ on one site and “ut47#vj4a” on another. I use special notes for those. But it would be nice if last pass helped me with them.

so I don’t agree with my score.

fjohn

–30–


TECHNOLOGY: LIFELOCK teaches care in the use secondary passwords for primary password reset

Friday, January 13, 2012

http://www.lifelock.com/identity-theft/types/

How Identities Are Stolen
When it comes to identity theft, the first step in protecting yourself is learning what thieves are doing to steal your personal information.

# – # – #

 

Interesting that LIFELOCK doesn’t have their commercials on their websites. GODADDY, boo hisss sopa-lover, integrates their hyper-sex commercials with their website (i.e., the TV commercial points to the X-rated version and the website has both the TV version and the “X-rated one. I’d dispute the X rating. Yeah, they sucked the lecherous me to watch. I, of course, did it from a technology and moral arbiter pov. Just so you didn’t have to endure it.) LIFELOCK misses the opportunity to reinforce their message.

MORE interesting, is that LIFELOCK’s TV commercial points out the flaw in what I’ll call secondary authentication and what the banks call “easy password recovery”. Argh! Those “password reset” questions are really passwords controlling the reset function. Mother’s Maiden Name, Date of Birth, Pet’s Name.

ARGH!

Absolute stupidity.

I know why the banks and others do it. They don’t want the expense of fielding a telephone call for a password reset. (When I was at CSFB, I figured each one cost “me” 45$. I figured a clever way to “solve” that problem at ZERO cost. Hire me and I’ll share it.)

So, how does the average User defend themselves?

(1) Never ever use these resets for the named purpose? For examples, “Mother’s Maiden Name” for me might be “TAYLOR_SWIFT”; DOB for me is 10/19/62 (Cuban Missile Crisis); Pet’s name is “58#ae#MK#Es#82″. All carefully captured on paper.

(2) Use a tool like LASTPASS, KEYPASS, or 1PASSWORD for NON-FINANCIAL uses.

(3) Use real passwords that you memorize or write down in your calendar or note book for FINANCIAL sites.

(4) Always insist that FINANCIAL institutions or SERVICE PROVIDERS send you a paper bill. Upon receipt, take the statement and review it. Initial EVERY page.

(5) Never permit any one or any thing to have direct access to your financial accounts. (Made that mistake once.)

# – # – # – # – #

 

 


SERVICE: Generate safe passwords

Wednesday, January 21, 2009

http://www.safepasswd.com/  

I like it but I’d prefer if it would generate a page at a time.

Like a one time pad.

# # # # #


Follow

Get every new post delivered to your Inbox.

Join 1,069 other followers

%d bloggers like this: