Old 08-28-2014, 09:40 PM   #41
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,673
I think this technique helps to confuse a "possible" keylogger which could be on one's system during a Vanguard login:

1) you have a 12 character login
2) Type maybe 6 characters of the login
3) Place cursor outside the login box, or even in the Search Window box
4) Type nonsense characters
5) Replace the cursor to the login box
6) Type the remaining 6 characters

Note you could start by typing the last 6 characters and when replacing the cursor at the beginning, then type the first 6 characters.

I've been told that this can confuse at least a good percentage of keyloggers. Maybe the CIA has a keylogger that won't be fooled?
__________________

__________________
Lsbcal is offline   Reply With Quote
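The six steps in post #41, modelled as an added example that is not part of the original posts: a constructed event list (no real input capture) is viewed three ways, as a flat keystroke stream, as keystrokes grouped by focused field, and as the final field contents. The login string, decoy text and function names are constructed for illustration.

```python
SECRET = "ABCDEF123456"   # constructed 12-character login
DECOY = "zqxjv"           # constructed nonsense characters

def session(secret, decoy, split=6, reverse=False):
    """Events (field, caret_index, char) for the steps in the post.
    reverse=True models the variant: last half typed first, then the
    cursor is put back at the beginning and the first half is typed."""
    first, last = secret[:split], secret[split:]
    if reverse:
        login_a = [("login", i, c) for i, c in enumerate(last)]
        login_b = [("login", i, c) for i, c in enumerate(first)]
    else:
        login_a = [("login", i, c) for i, c in enumerate(first)]
        login_b = [("login", split + i, c) for i, c in enumerate(last)]
    decoy_events = [("search", i, c) for i, c in enumerate(decoy)]
    return login_a + decoy_events + login_b

def flat_stream(events):
    """View 1: every key in typing order, no idea which box had focus."""
    return "".join(c for _, _, c in events)

def per_field_stream(events, field="login"):
    """View 2: keys grouped by focused box, caret position ignored."""
    return "".join(c for f, _, c in events if f == field)

def field_value(events, field="login"):
    """View 3: what the box contains when the form is submitted."""
    buf = []
    for f, pos, c in events:
        if f == field:
            buf.insert(pos, c)
    return "".join(buf)

def summarize(events):
    return {
        "flat": flat_stream(events),
        "per_field": per_field_stream(events),
        "field_value": field_value(events),
    }

if __name__ == "__main__":
    print("as posted:", summarize(session(SECRET, DECOY)))
    print("reversed :", summarize(session(SECRET, DECOY, reverse=True)))
```

The flat stream is scrambled in both variants and the per-field stream only in the reversed one, while the value the form itself holds is intact in both.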
Old 08-28-2014, 09:56 PM   #42
Recycles dryer sheets
 
Join Date: Feb 2014
Location: SF Bay Area
Posts: 252
With all this talk about security, does anyone think like I do? Every time I log into Fidelity or Vanguard..... just for a microsecond....I think to myself, "Please, oh please, don't show my balance to be $0.00"

What is money anyway, just an entry in some database.
__________________

__________________
"The only function of economic forecasting is to make astrology look respectable"
- J.K. Galbraith
FireBug is offline   Reply With Quote
Old 08-28-2014, 11:05 PM   #43
Thinks s/he gets paid by the post
Major Tom's Avatar
 
Join Date: Nov 2009
Location: SF East Bay
Posts: 3,128
Quote:
Originally Posted by FireBug View Post
Every time I log into Fidelity or Vanguard..... just for a microsecond....I think to myself, "Please, oh please, don't show my balance to be $0.00"
That happened to me a few years ago. I logged into my savings account in which, at the time, I was keeping ~ 4 years worth of living expenses. My account summary appeared, and showed my account balance to be zero!

A good minute or two of confusion and near-panic ensued, before I remembered that just a few weeks earlier, I had transferred the entire balance to a bank that was paying a slightly higher rate of interest.

PHEW.
__________________
ER, for all intents and purposes. Part-time income <5% of annual expenditure.
Major Tom is offline   Reply With Quote
Old 08-29-2014, 01:07 AM   #44
Full time employment: Posting here.
 
Join Date: Nov 2010
Posts: 583
One disappointment of Vanguard's security is that passwords are not case sensitive. The complexity goes up rapidly if each character can be a capital, lowercase, number or special character. I make sure that I have a character or three that are NOT on the keyboard on any site that is truly sensitive/important. I like big O's.

I always loved the Dilbert cartoon where the pointy head boss very carefully types ******** as his password.
__________________
devans0 is offline   Reply With Quote
Old 08-29-2014, 07:14 AM   #45
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RunningBum's Avatar
 
Join Date: Jun 2007
Posts: 5,163
Quote:
Originally Posted by devans0 View Post
One disappointment of Vanguard's security is that passwords are not case sensitive...
Vanguard passwords ARE case sensitive. I don't think the usernames are, if that's what you meant.
__________________
RunningBum is offline   Reply With Quote
Old 08-29-2014, 07:59 AM   #46
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,883
So, if a password is stolen via a keylogger, wouldn't it not matter whether the password was 8 characters or 16 characters long?

As I always thought the longer passwords are more secure only for brute force attacks but to a keylogger, what's 8 vs 16 characters between friends?
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 08-29-2014, 09:32 AM   #47
Full time employment: Posting here.
 
Join Date: Nov 2010
Posts: 583
Quote:
Originally Posted by RunningBum View Post
Vanguard passwords ARE case sensitive. I don't think the usernames are, if that's what you meant.
Thank you for the correction. You are right. One nightmare is to find a hacked account and everything gone when I logged in.

I tried to have my user name a "password" to add complexity. My 401K account has non-numeric or alphabetic characters added in; I didn't think of that with my Vanguard account, but did have a mix of upper and lower case letters, but as you noted correctly, to no avail. I just lengthened my password to the full 20 chars. It will take years for each dollar gained to hack my account.
__________________
devans0 is offline   Reply With Quote
Old 08-29-2014, 11:16 AM   #48
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,317
Quote:
Originally Posted by ernow View Post
Just a note on LastPass, it is cloud based but it keeps everything in an encrypted blob. Nothing is in the clear beyond your own machine. I use it and am very happy with it.
+1

LastPass is one tool. I would not rely solely on it for security. At the very least, one should periodically log on to one's accounts and see if anything unusual is going on. Also, using two factor authentication, when available, is a good idea.

LastPass hashes and encrypts the database into a blob of meaningless garbage. The key to making that garbage mean something is not stored in the cloud. When you type in your id and password, the app generates your key so it can encrypt and decrypt your data as needed. The key itself is a 256 bit long mini-blob of data. But the key is never stored with the blob of encrypted data.

Quote:
So the idea is that when you log in, when you give your system your LastPass username and password, the first thing it does is it runs it through this SHA - it lowercases the email address, removes the white space, adds the password, and then it does this hash to it, turning it into a 256-bit blob which tells the blob holder nothing about your username and password. It's just like it's been digested into this thing. In fact, hashes are called "digests," also, for that reason.
What that is, is that is your cryptographic key. That's the key which your system will use, both to encrypt your data which is being shared with LastPass Corporate, and also to decrypt it when LastPass Corporate sends this back to you.
From: https://www.grc.com/sn/sn-256.htm
__________________

__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is online now   Reply With Quote
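The key derivation described in the quote in post #48 (lowercase the email, remove whitespace, append the password, SHA-256 the result), written out as an added example that is not part of the original posts and is not LastPass's code. The function names and sample credentials are constructed, and the PBKDF2 variant is an assumption added for contrast, not something the page describes.

```python
import hashlib

def normalize_email(email):
    """Lowercase the address and remove all whitespace, as the quote describes."""
    return "".join(email.lower().split())

def derive_key(email, password):
    """One SHA-256 pass over normalized email + password: a 32-byte (256-bit) key.
    The password is used as typed, so its case matters; the email's does not."""
    material = normalize_email(email) + password
    return hashlib.sha256(material.encode("utf-8")).digest()

def derive_key_stretched(email, password, iterations=100_000):
    """Assumption, not on the page: the same inputs fed through PBKDF2-HMAC-SHA256
    with the normalized email as salt, so every guess costs `iterations` hashes."""
    return hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        normalize_email(email).encode("utf-8"),
        iterations,
    )

def demo():
    # Constructed sample credentials.
    email, password = "  Alice@Example.COM ", "correct Horse 42"
    key = derive_key(email, password)
    return {
        "key_bits": len(key) * 8,
        "email_case_ignored": key == derive_key("alice@example.com", password),
        "password_case_matters": key != derive_key(email, password.lower()),
        "stretched_differs": key != derive_key_stretched(email, password),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the key is recomputed on the client from what the user types, only the encrypted blob has to leave the machine; the stretched variant shows how the same inputs can be made slower to guess.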