Internet Security PSA
Old 01-23-2012, 10:01 AM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,979
A lot of us here do transactions online. Maybe I'm the only one, but I was reading some internet security tips this morning, and I never realized this one. I'd noticed the 's', but I assumed it was just to accommodate more traffic (wrong).

And I checked, Vanguard does comply. FWIW...
Quote:
Most URLs will begin with the familiar "http" before the site's address. News, entertainment and other general interest websites all use this format for their URLs.

But these days, if money is about to change hands or you're asked to share sensitive information such as your Social Security number, it's a good idea to look for a URL with an extra letter, says Andrea Eldridge, CEO and co-founder of Nerds On Call, a computer and electronics repair service based in Redding, Calif.

"Make sure that anytime that you are putting in sensitive information that the Web address starts with 'https' instead of 'http,'" Eldridge says. "That little 's' stands for secure, so the website has to have additional security precautions on the page keeping you safer and a whole lot less likely to have your information stolen."
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 60% equity funds / 35% bond funds / 5% cash
Target WR: Approx 2.5% Approx 20% SI (secure income, SS only)
Midpack is offline   Reply With Quote
Old 01-23-2012, 11:00 AM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,623
The s makes it relatively more secure, but not totally secure by a long shot.
__________________
Pas de lieu Rhône que nous.
braumeister is online now   Reply With Quote
Old 01-23-2012, 11:08 AM   #3
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,934
Exactly - - you are still vulnerable if your computer itself is not secure. You could have a keylogger, and if you use the software keyboard provided with Windows to dodge the keyloggers, some hackers can see your desktop and what you are typing on the software keyboard. There are so many ways that one's computer can be compromised.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is offline   Reply With Quote
Old 01-23-2012, 11:38 AM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,979
Understood.
Midpack is offline   Reply With Quote
Old 01-23-2012, 11:51 AM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,649
A lot of sites use http for browsing catalogs, etc. and then switch to https for logon, purchase and other features. Https is a little more data intensive although not a big deal for most these days. I think some email programs still use the split between https for signon and http for reading messages. Gmail switched to https for the entire session.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is online now   Reply With Quote
Old 01-23-2012, 11:56 AM   #6
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,136
https means that the data transmission is encrypted (secure socket layer) so that someone using a sniffer on the network cannot see the text being typed.

However, if the PC you are using has been compromised with a keyboard logger then the letters you type are read before they are encrypted and transmitted over the network.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 01-23-2012, 03:26 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Quote:
Originally Posted by W2R View Post
Exactly - - you are still vulnerable if your computer itself is not secure. You could have a keylogger, and if you use the software keyboard provided with Windows to dodge the keyloggers, some hackers can see your desktop and what you are typing on the software keyboard. There are so many ways that one's computer can be compromised.
What I do only for key financial sites:
1) type in the last letters of the login
2) defocus -- type in some dummy letters off to the side of the window
3) type in the front letters of the login
4) do same for password (steps 1 - 3)

It won't defeat all keyloggers I'm told but at least the garden variety ones. It may seem a bit of a bother, but it's easy to get used to.

Also, standard procedure is to select "strong" passwords.
Lsbcal is online now   Reply With Quote
Old 01-23-2012, 05:24 PM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,979
Quote:
Originally Posted by Lsbcal View Post
What I do only for key financial sites:
1) type in the last letters of the login
2) defocus -- type in some dummy letters off to the side of the window
3) type in the front letters of the login
4) do same for password (steps 1 - 3)

It won't defeat all keyloggers I'm told but at least the garden variety ones. It may seem a bit of a bother, but it's easy to get used to.

Also, standard procedure is to select "strong" passwords.
I do worry about key loggers. I do have "strong" passwords and change them periodically. But I'd never thought of your method, essentially adding superfluous characters. I'll have to try that, thanks!
Midpack is offline   Reply With Quote
Old 01-23-2012, 05:45 PM   #9
Recycles dryer sheets
 
Join Date: Aug 2011
Location: Atlanta
Posts: 420
Quote:
Originally Posted by Midpack View Post
A lot of us here do transactions online. Maybe I'm the only one, but I was reading some internet security tips this morning, and I never realized this one. I'd noticed the 's', but I assumed it was just to accommodate more traffic (wrong).

And I checked, Vanguard does comply. FWIW...
Years ago I noticed some smaller operations didn't use secure connections but have not noticed any non-secure connections in years. I always check.
SJ1_ is offline   Reply With Quote
Old 01-23-2012, 06:13 PM   #10
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,136
Quote:
Originally Posted by SJ1_ View Post
Years ago I noticed some smaller operations didn't use secure connections but have not noticed any non-secure connections in years. I always check.
Just 3 years ago we were set to buy our season tickets at the little theatre we went to in Baton Rouge and they had now gone on-line which appeared to be great for selecting seats etc, but when it came to pay the site remained as http:, so we wrote a check and mailed it in.

This week I received my secure key from HSBC UK. It is larger than a credit card with a number pad and display. To log on I use a bookmark to get to the site, then enter the username (I have the site "remember" the username so no typing needed). I am then prompted for the answer to a security question. Then I have to key in my 8 digit PIN to the secure key device, and enter the 6 digit number that comes on the display.

Not much chance of a key logger or a phishing site getting around that process.
Alan is online now   Reply With Quote
Old 01-23-2012, 09:38 PM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
pb4uski's Avatar
 
Join Date: Nov 2010
Location: Vermont & Sarasota, FL
Posts: 16,468
Quote:
Originally Posted by Alan View Post
Just 3 years ago we were set to buy our season tickets at the little theatre we went to in Baton Rouge and they had now gone on-line which appeared to be great for selecting seats etc, but when it came to pay the site remained as http:, so we wrote a check and mailed it in.

This week I received my secure key from HSBC UK. It is larger than a credit card with a number pad and display. To log on I use a bookmark to get to the site, then enter the username (I have the site "remember" the username so no typing needed). I am then prompted for the answer to a security question. Then I have to key in my 8 digit PIN to the secure key device, and enter the 6 digit number that comes on the display.

Not much chance of a key logger or a phishing site getting around that process.
DD uses a similar process to log onto her employer's VPN.
pb4uski is online now   Reply With Quote
Old 01-23-2012, 10:02 PM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
TromboneAl's Avatar
 
Join Date: Jun 2006
Posts: 11,199
I think that periodically changing your passwords is not that useful. Convince me it's worth the effort.
__________________
Al
TromboneAl is offline   Reply With Quote
Old 01-23-2012, 10:17 PM   #13
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,136
Quote:
Originally Posted by TromboneAl View Post
I think that periodically changing your passwords is not that useful. Convince me it's worth the effort.
I don't think it is useful.

I do think it is important to have a different password for your financial accounts than for less secure sites. e.g. e-mail, Facebook, ER.org etc.

It's more important to have a strong password than one that changes.

A site whose admins can tell you what your password is, should you forget it, is NOT a secure site IMO. Password files should be encrypted and the best that site admins should be able to do is issue a new password.
Alan is online now   Reply With Quote
Old 01-23-2012, 10:36 PM   #14
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,709
Question for some, "How long is your secure password, and is it random?"
target2019 is offline   Reply With Quote
Old 01-23-2012, 11:00 PM   #15
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,136
Quote:
Originally Posted by target2019 View Post
Question for some, "How long is your secure password, and is it random?"

9, contains numbers, letters and special characters, and is random.
Alan is online now   Reply With Quote
Old 01-23-2012, 11:13 PM   #16
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,695
Quote:
Originally Posted by target2019 View Post
Question for some, "How long is your secure password, and is it random?"
Password phrases could make this easier. Example:
Stalin, Roosevelt, and Churchill met at Yalta in 1945 !!

becomes:
StRoChYa45!!
Lsbcal is online now   Reply With Quote
Old 01-24-2012, 07:27 AM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,649
Quote:
Originally Posted by TromboneAl View Post
I think that periodically changing your passwords is not that useful. Convince me it's worth the effort.
I agree. The fear was someone would get the encrypted password file from the company server and use things like dictionary attacks to crack passwords. If you have strong passwords, crackers won't get to them (or at least didn't use to). Credit card numbers get snatched and used all the time. But how many people do you know that have had their online accounts misused for financial fraud?
donheff is online now   Reply With Quote
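
An added example, not part of any poster's message, tying together post #13 (admins should only be able to issue a new password) and post #17 (dictionary attacks on a copied password file). It uses salted one-way hashing with PBKDF2 rather than reversible encryption; the `PasswordStore` class, the iteration count, the usernames and the passwords are all constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch

def derive(password: str, salt: bytes) -> bytes:
    """One-way, salted, deliberately slow hash of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class PasswordStore:
    """Hypothetical account table that keeps only (salt, hash) per user."""

    def __init__(self):
        self.records = {}

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.records[user] = (salt, derive(password, salt))

    def verify(self, user, attempt):
        if user not in self.records:
            return False
        salt, digest = self.records[user]
        return hmac.compare_digest(digest, derive(attempt, salt))

    def admin_reset(self, user):
        # Nothing stored can be turned back into the old password,
        # so the only thing an admin can do is issue a new one.
        new_password = secrets.token_urlsafe(12)
        self.set_password(user, new_password)
        return new_password

def audit(store, wordlist):
    """Users whose password a dictionary run over a copied file would find."""
    return sorted(
        user for user, (salt, digest) in store.records.items()
        if any(hmac.compare_digest(digest, derive(w, salt)) for w in wordlist)
    )

def demo():
    store = PasswordStore()                    # all values below are constructed
    store.set_password("user_a", "sunshine")   # common dictionary word
    store.set_password("user_b", "q7#Lw!2xZ")  # 9 random characters
    weak = audit(store, ["password", "letmein", "sunshine", "123456"])
    issued = store.admin_reset("user_a")
    return weak, store.verify("user_a", "sunshine"), store.verify("user_a", issued)

if __name__ == "__main__":
    print(demo())
```
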