RANT: CSFB stupid “security theater”

Wednesday, February 15, 2012

OBVIOUS STUPIDITY!

Call up to find out where my pension check is.

Called, went through all the automated questions, and then the operator comes on after a short wait and asks me for my password.

What password?

(Ignores the concept that a “password” is a shared secret. If I knew and told her, then it’s no longer a secret. And, a static password! Please. Even Google two factor authentication is better.)

So we can't do anything without them mailing me a new temporary password.

Now envision that I sent them all my paperwork by certified mail and suggest that number as an authenticator. Or that they call me back. Or that they send me a fax or an email.

Argh!

And, who says that US Mail is secure, unless it's sent certified mail? (We know they won't do that because it costs more.)

# – # – # – # – #  2012-Feb-15 @ 13:32

TECHNOLOGY: Strengthen All Your Passwords

Thursday, February 9, 2012

http://blog.lastpass.com/2012/02/resolutions-with-lastpass-10-strengthen.html

Feb 8, 2012
Resolutions with LastPass: #10 Strengthen Your Master Password

*** begin quote ***

For the last installment in our resolutions series, we wanted to touch upon an important aspect of using LastPass: the strength of your master password. At LastPass, we’ve always touted we’re “the last password you’ll ever need”. With only one strong password to remember and a host of customizable security options, you can let LastPass take care of the rest. So it goes without saying, then, that your LastPass master password should be strong and unique while still memorable.

*** end quote ***

Personally,

I never use (i.e., reuse) the same password anywhere. I used to use my SecureId token to generate random numeric passwords. When it died, I moved to a book code to generate passwords. Then, I generated pages of random noise with http://clsc.net/tools/random-string-generator.php as the tool.

(1) for websites that I won’t have to authenticate to manually, I let LASTPASS give me a random string that’s as long as the site allows.

(2) for websites that I will have to type or tap in, I use four random words with a special character as the separator. And, I log in once from a real keyboard and let LASTPASS capture it.

(3) for bank accounts and other sites related to finances, I do the old-fashioned random sentence like “wrong#sign#bridge#fall#down#nooo#partial#credit”. With a LASTPASS safe note with a reminder: “What did Doctor Zia say about a sign error? With #’s”.
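The three tiers above, as an added example that is not from the original post or from LastPass: tier (1) is a random string from the OS CSPRNG at the site's maximum length, tiers (2) and (3) are words drawn uniformly from a wordlist and joined by a separator, and `entropy_bits` shows why the wordlist size matters as much as the word count (the 16-word list here is constructed for illustration; a real list has thousands of entries).

```python
import math
import secrets
import string

# Constructed wordlist for the example only. A real passphrase wordlist has
# thousands of entries, which is what gives the word-based tiers their strength.
SAMPLE_WORDS = ["wrong", "sign", "bridge", "fall", "down", "nooo", "partial", "credit",
                "river", "candle", "orbit", "maple", "tunnel", "velvet", "anchor", "quartz"]

# 94 printable ASCII symbols: letters, digits and punctuation.
SITE_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_site_password(max_len: int, alphabet: str = SITE_ALPHABET) -> str:
    """Tier (1): a random string as long as the site allows, from the OS CSPRNG."""
    if max_len < 1:
        raise ValueError("site must allow at least one character")
    # secrets.choice is uniform over the alphabet; random.choice would not be suitable here.
    return "".join(secrets.choice(alphabet) for _ in range(max_len))


def word_passphrase(words, n: int = 4, sep: str = "#") -> str:
    """Tiers (2)/(3): n words chosen uniformly from a wordlist, joined by a separator."""
    if len(words) < 2 or n < 1:
        raise ValueError("need a real wordlist and at least one word")
    return sep.join(secrets.choice(words) for _ in range(n))


def entropy_bits(pool_size: int, length: int) -> float:
    """Guessing entropy in bits for `length` uniform picks from a pool of `pool_size`.

    Four words from a 2048-word list give 44 bits; four words from the 16-word
    sample list above give only 16 bits, so the wordlist must be large.
    """
    return length * math.log2(pool_size)


if __name__ == "__main__":
    print("tier 1:", random_site_password(20), f"({entropy_bits(len(SITE_ALPHABET), 20):.1f} bits)")
    print("tier 2:", word_passphrase(SAMPLE_WORDS, 4, "#"), f"({entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits)")
    print("tier 3 with a 2048-word list, 8 words:", f"{entropy_bits(2048, 8):.1f} bits")
```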

I don’t trust anyone with my money. :-) Even myself.

Hope this helps?

# – # – # – # – #