Old 06-02-2013, 04:58 PM   #21
Thinks s/he gets paid by the post
veremchuka's Avatar
 
Join Date: Oct 2010
Location: irradiated - too close to the nuclear furnace
Posts: 1,294
Quote:
Originally Posted by rbmrtn View Post
We had similar, in addition you had to use their password generator which gave a string of gibberish for the password.

One system I worked on had a "challenge-response system". They gave you a magic decoder device; when you connected, their system sent you a string that you had to run through the decoder, take the output from that, send it back, and then you were actually able to log in.
We had a methodology for use at home when logging into the mainframe. The device was called VPN or it generated a VPN password. This generated new passwords every second.

I complained to Vanguard about their weak userid and passwords back in the winter. They told me via phone and email that changes are in the works and they expected to roll it out in August of this year. She said that may slip but it should be soon after that, like a couple of months. So keep your eye open for this and hopefully they do it asap!
__________________
veremchuka is offline   Reply With Quote
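
The challenge-response login described in the quoted post above, sketched as an added example (not part of the original thread and not any vendor's actual scheme). It assumes the device and the server share a secret and use HMAC-SHA256 truncated to 8 digits; the names `token_response` and `LoginServer` and the 60-second lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)

def token_response(secret: bytes, challenge: str) -> str:
    """What the hand-held decoder computes: a keyed hash of the challenge, cut to 8 digits."""
    digest = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"

class LoginServer:
    def __init__(self, secrets_by_user):
        self.secrets_by_user = secrets_by_user  # user -> shared secret
        self.pending = {}                       # user -> (challenge, issued_at)

    def issue_challenge(self, user: str) -> str:
        challenge = secrets.token_hex(8)        # fresh random string per login attempt
        self.pending[user] = (challenge, time.monotonic())
        return challenge

    def verify(self, user: str, response: str) -> bool:
        # pop() makes every challenge single-use, so a captured response cannot be replayed
        challenge, issued = self.pending.pop(user, (None, 0.0))
        secret = self.secrets_by_user.get(user)
        if challenge is None or secret is None:
            return False
        if time.monotonic() - issued > CHALLENGE_TTL:
            return False
        expected = token_response(secret, challenge)
        return hmac.compare_digest(expected.encode(), response.encode())

def demo():
    # Constructed sample data: one user with a made-up shared secret.
    secret = b"constructed-demo-secret"
    server = LoginServer({"alice": secret})
    c1 = server.issue_challenge("alice")
    r1 = token_response(secret, c1)
    first = server.verify("alice", r1)        # correct response to the live challenge
    replay_same = server.verify("alice", r1)  # same response again: challenge already consumed
    server.issue_challenge("alice")
    replay_new = server.verify("alice", r1)   # old response against a new challenge
    return first, replay_same, replay_new

if __name__ == "__main__":
    print(demo())
```

The password itself never crosses the wire in this design; only the response to one specific challenge does, and it is worthless for the next login.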
Old 06-02-2013, 04:59 PM   #22
Thinks s/he gets paid by the post
 
Join Date: Jul 2005
Posts: 3,862
Quote:
Originally Posted by ERD50 View Post
Also, about that icon thing that Vanguard and others show when you've logged on, but before you put in your password - it's an icon you picked, so it is some protection against a generically spoofed site to capture your password as they would not know your icon. But if they first guess your logon, they can capture your icon too. And now all they need is a 10 digit PW. Not good enough, IMO.

-ERD50
It seems it would be super easy for a spoof site to ask you to enter your user name, send it to the real site, read back your special icon, and then put up a fake page with the correct icon.
__________________
Animorph is offline   Reply With Quote
Old 06-02-2013, 08:41 PM   #23
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,284
Quote:
Originally Posted by Animorph View Post
It seems it would be super easy for a spoof site to ask you to enter your user name, send it to the real site, read back your special icon, and then put up a fake page with the correct icon.
Yes, I guess I'm not devious enough to think of that! And it could all be done by a robot. Scary.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 06-02-2013, 09:31 PM   #24
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
Quote:
Originally Posted by Animorph View Post
It seems it would be super easy for a spoof site to ask you to enter your user name, send it to the real site, read back your special icon, and then put up a fake page with the correct icon.
The way it works is the image is displayed if you are connecting from a known computer. If not, then you get security questions that have to be answered before the image is displayed. So a spoof site would have to be able to answer your questions before getting to your image.

Avoid spoof sites by not using embedded links; always type in the URL in the address bar.
__________________
rbmrtn is offline   Reply With Quote
Old 06-02-2013, 10:32 PM   #25
Recycles dryer sheets
 
Join Date: Dec 2011
Posts: 388
Quote:
Originally Posted by ERD50 View Post
It is interesting, but as far as I could understand, only really relevant if the site has their password list stolen.
And that's how it's done, not by banging away at a single login. All of the cases of hacking accounts that I have heard of were inside jobs.
__________________
Khufu is offline   Reply With Quote
Old 06-03-2013, 11:14 AM   #26
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,334
For those willing to take the time and have the patience, here is a good discussion by Steve Gibson of password security and one password management system. IMHO, Gibson has the credentials to be taken seriously. It is several years old, so times may have changed.

https://www.grc.com/sn/sn-256.htm

Many sites now offer a two level verification system: your id is verified by something you know (your password) and something you have (a code sent to your cell phone, or a custom grid with numbers you must enter). However, it's a pain if you forget your cell phone or your grid sheet.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
All times are GMT -6.