Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 09-23-2016, 05:38 PM   #21
Thinks s/he gets paid by the post
gauss's Avatar
 
Join Date: Aug 2011
Posts: 1,603
I just did a count of the number of accounts stored in my Lastpass value. It is very close to 400.

Am I really expected to visit everyone one of these accounts, try to figure out if security questions are even used and then exclude the yahoo ones?

This could be at least a 9-5 project for a week (lunches not included!)

If I do take this on, I will be sure to document all of the security questions/answers in the Lastpass notes for the account, so that security question overlap can be identified much quicker for the next breach.

-gauss
__________________

__________________
gauss is online now   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 09-23-2016, 05:41 PM   #22
Recycles dryer sheets
 
Join Date: Dec 2003
Posts: 434
I did get an e-mail this morning. Changed my password, for what it's worth.
__________________

__________________
Peter is offline   Reply With Quote
Old 09-23-2016, 06:01 PM   #23
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,346
DW and I received emails yesterday.
__________________
Lsbcal is offline   Reply With Quote
Old 09-24-2016, 09:34 AM   #24
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 17,384
RE two level verification:

Quote:
Originally Posted by Lsbcal View Post
I always worry that I will loose my email capability if on vacation and the phone becomes disabled, lost, or stolen. ....
That's my concern as well. How do I handle this?

I gave up an old email address years ago - it was tied to the ISP. I did a good job of getting everything and everyone updated to my new gmail address. But I forgot one, when I realized it sends out an annual message, and that date came and went.

It wan't important, so I didn't put much effort into it, but I didn't see anyway to retrieve that account without my old email address.

Sounds like I need to report it stolen/lost to get a new SIM with the same phone #? I guess I'd want to do that anyhow, but there would be some delay.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 09-24-2016, 09:43 AM   #25
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 37,117
Quote:
Originally Posted by gauss View Post
I just did a count of the number of accounts stored in my Lastpass value. It is very close to 400.

Am I really expected to visit everyone one of these accounts, try to figure out if security questions are even used and then exclude the yahoo ones?

This could be at least a 9-5 project for a week (lunches not included!)
And then, a similar breach could happen at Yahoo or somewhere else next week. You can't possibly do what you are describing every time something like this happens. Neither can anybody else.

Nothing on the internet is completely secure. I hate that but I believe it to be true. All we can do, is what we can do.
__________________
Fairy tales are more than true: not because they tell us that dragons exist, but because they tell us that dragons can be beaten.

― N. Gaiman (2002)








W2R is offline   Reply With Quote
Old 09-24-2016, 09:50 AM   #26
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 40,637
Speaking of internet security, I started reading this Consumer Reports article and gave up about 1/3 of the way through. I think we're all doomed :

66 Ways to Protect Your Privacy Right Now - Consumer Reports
__________________
Numbers is hard

When I hit 70, it hit back

Retired in 2005 at age 58, no pension
REWahoo is offline   Reply With Quote
Old 09-24-2016, 10:10 AM   #27
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,258
Quote:
Originally Posted by W2R View Post
And then, a similar breach could happen at Yahoo or somewhere else next week. You can't possibly do what you are describing every time something like this happens. Neither can anybody else.

Nothing on the internet is completely secure. I hate that but I believe it to be true. All we can do, is what we can do.

This is why I like to just randomize my security answers.

One site my have something like:

Q. "What's your dog's name?"
A. Dog ≥fE4D+


Another site may have:

Q. "What's your dog's name?"
A. Dog EL$2OU

That way, all my answers are unique so a hack only impacts that account and not throughout all my id/password/answers.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-24-2016, 10:26 AM   #28
Thinks s/he gets paid by the post
Sunset's Avatar
 
Join Date: Jul 2014
Location: Chicago
Posts: 3,606
Quote:
Originally Posted by Rustward View Post
Just curious, what leads you to say this?
I worked in IT, did software used by all the big bank employees and lots of other software at other companies. So were good about security, others not.

I have seen encryption was not used a lot in various companies, there are 2 common ways to encrypt the web users data, (1-way and 2-way).

Hopefully by now for passwords the 1-way is used everywhere, but if you ever click on "forgot password" and they send it to you, you can be sure it's not 1-way. Nobody can read a 1-way encrypted password as it cannot be decrypted. The system compares what you typed in after encrypting it to the stored value and if they match, then you must have typed in the password.

2-way means , the system can decrypt it. using a key, which of course means if the database is stolen they very likely have the key too.

The other way is to store it in plain text, which is easy.

If the rep can read the challenge question, it means it is probably not encrypted, (it could be done in the 2-way manner, but that is not much better for security). Frankly it's rare that anyone considers challenge questions needing security like passwords.

I've even had Reps give me clues at to my mother's maiden name (which was not a real name)
__________________
Sunset is offline   Reply With Quote
Old 09-24-2016, 10:28 AM   #29
Thinks s/he gets paid by the post
Sunset's Avatar
 
Join Date: Jul 2014
Location: Chicago
Posts: 3,606
Quote:
Originally Posted by gauss View Post
I just did a count of the number of accounts stored in my Lastpass value. It is very close to 400.

Am I really expected to visit everyone one of these accounts, try to figure out if security questions are even used and then exclude the yahoo ones?

This could be at least a 9-5 project for a week (lunches not included!)

If I do take this on, I will be sure to document all of the security questions/answers in the Lastpass notes for the account, so that security question overlap can be identified much quicker for the next breach.

-gauss
I use random, different answers for all challenge questions so no cross-site commonality.

I store my answers in the notes section of my password manager for each site.
__________________
Sunset is offline   Reply With Quote
Old 09-24-2016, 10:57 AM   #30
Recycles dryer sheets
 
Join Date: Jun 2015
Posts: 74
All these hacks (and my losing two custom-built websites because of one of them) is why I do not do banking online.

There is no longer anything secure about secure socket.
__________________
gretah is offline   Reply With Quote
Old 09-24-2016, 12:37 PM   #31
Moderator
Walt34's Avatar
 
Join Date: Dec 2007
Location: Eastern WV Panhandle
Posts: 15,455
Quote:
Originally Posted by Just_Steve View Post
Do people actually use yahoo mail for any sensitive information?
The only real thing on my account is my cell number so I can recover my password if I forget it. I only use it to gather information from companies and such. Makes a great spam filter.
They don't even have a cell number for me, and I think the original email address that I used to open the yahoo account no longer exists. I just use it for a spam filter, some product registrations so I'll know about a recall if one happens, craigslist if I'm buying/selling something, that sort of thing. Normally I look at it about once a week.

And right now I'm using it with some family members to plan a surprise birthday party for DW. That way she won't see any of those planning messages.
__________________
I heard the call to do nothing. So I answered it.
Walt34 is offline   Reply With Quote
Old 09-24-2016, 02:44 PM   #32
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,346
Quote:
Originally Posted by gretah View Post
All these hacks (and my losing two custom-built websites because of one of them) is why I do not do banking online.

There is no longer anything secure about secure socket.
I would hate to go way back to US post and checks.

As some from this site have suggested, I've upped my automation but check my accounts more frequently. On my phone I can use Lastpass to get into accounts easily for checks. Having a fingerprint reader on the phone is very nice as Lastpass can see that. So far no problems.
__________________
Lsbcal is offline   Reply With Quote
Old 09-25-2016, 07:48 AM   #33
Thinks s/he gets paid by the post
DFW_M5's Avatar
 
Join Date: Sep 2003
Posts: 4,879
I had an old and infrequently used Yahoo account that I tried to delete yesterday. The site recognized my user name, but not my password, so I tried to recover/reset my password, and as a challenge question it wanted a few digits from an old work cellphone number that I can no longer recall, and there was no other way to get around that and no way to contact Yahoo. What a screwed up customer service capability, especially in light of the hack.
__________________
Doing things today that others won't, to do things tomorrow that others can't. Of course I'm referring to workouts, not robbing banks.
DFW_M5 is offline   Reply With Quote
Old 09-26-2016, 07:35 AM   #34
Thinks s/he gets paid by the post
gauss's Avatar
 
Join Date: Aug 2011
Posts: 1,603
Quote:
Originally Posted by W2R View Post
And then, a similar breach could happen at Yahoo or somewhere else next week. You can't possibly do what you are describing every time something like this happens. Neither can anybody else.

Nothing on the internet is completely secure. I hate that but I believe it to be true. All we can do, is what we can do.
Thanks

Perhaps I will take solace in the fact that most computer sites will not let you in with just correct security question answers, but also require access to the email account of record.

I guess going forward I will start documenting security question/answers with the rest of my LastPass data.

It would be really nice if yahoo would let individual account holders know what type of data was lost for their account (ie was it encrypted or unencrypted security questions/answers). Failing that at least perhaps a statistical breakdown (ie 98% encrypted 2% unencrypted).

-gauss
__________________
gauss is online now   Reply With Quote
Old 09-26-2016, 07:52 AM   #35
Thinks s/he gets paid by the post
Tadpole's Avatar
 
Join Date: Jul 2004
Posts: 1,137
Boy did I do something dumb yesterday when I changed password. I told Yahoo to delete my security questions without looking to see what the questions and answers were. Now I don't know if or what security questions I need to change at other sites.
__________________
Tadpole is offline   Reply With Quote
Old 10-29-2016, 08:34 AM   #36
Thinks s/he gets paid by the post
 
Join Date: Jan 2006
Posts: 2,693
Anyone using Yahoo mail and checking your account activity? Learned how to do that on some thread here in Sept. 2016 when the Yahoo hack was being publicized. It shows what browser & OS were used as well as the location at various times.

I've been checking periodically since I changed the password a few months ago with nothing strange showing....................... until today, when it showed a
strange computer using Windows (which I don't use) in a location where I haven't been ............so I changed password again. A useful tool to check
periodically.
__________________
kaneohe is offline   Reply With Quote
Old 10-29-2016, 08:50 AM   #37
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,346
Quote:
Originally Posted by kaneohe View Post
Anyone using Yahoo mail and checking your account activity? Learned how to do that on some thread here in Sept. 2016 when the Yahoo hack was being publicized. It shows what browser & OS were used as well as the location at various times.

I've been checking periodically since I changed the password a few months ago with nothing strange showing....................... until today, when it showed a
strange computer using Windows (which I don't use) in a location where I haven't been ............so I changed password again. A useful tool to check
periodically.
And this tool is where?
__________________
Lsbcal is offline   Reply With Quote
Old 10-29-2016, 09:03 AM   #38
Thinks s/he gets paid by the post
 
Join Date: Jan 2006
Posts: 2,693
Quote:
Originally Posted by Lsbcal View Post
And this tool is where?
When in Yahoo mail, for me it is in the upper right hand corner. Forget the exact words but there is a box with something like "account info" . Click on the box and there will be on the left side, items like account security
(you can change password here) and account activity........the latter is the one that will show you a monitor of periodic past sessions......the browser/operating system/location. I almost stopped looking because it seemed like the same old thing each time until today............

That box on the upper right corner has an arrow that you can click that will result in those items in a pop-down list so you can go directly to account activity.

Just realized that DW's Yahoo mail looks somewhat different than mine..........hers has a gear in upper right
hand corner. Hover over that and a drop down menu shows "account info" at the bottom of the list.
Click on that and then select account activity.
__________________
kaneohe is offline   Reply With Quote
Old 10-29-2016, 09:16 AM   #39
Thinks s/he gets paid by the post
 
Join Date: Oct 2012
Location: Colorado Mountains
Posts: 1,876
Quote:
Originally Posted by kaneohe View Post
Anyone using Yahoo mail and checking your account activity? Learned how to do that on some thread here in Sept. 2016 when the Yahoo hack was being publicized. It shows what browser & OS were used as well as the location at various times.

I've been checking periodically since I changed the password a few months ago with nothing strange showing....................... until today, when it showed a
strange computer using Windows (which I don't use) in a location where I haven't been ............so I changed password again. A useful tool to check
periodically.
You changed your password after the hack and then someone got into your account using the new password? Yahoo has abdicated the responsibility to ensure no hackers to the user? Why are you still using Yahoo?
__________________
Hermit is online now   Reply With Quote
Old 10-29-2016, 09:25 AM   #40
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,346
Quote:
Originally Posted by Hermit View Post
You changed your password after the hack and then someone got into your account using the new password? Yahoo has abdicated the responsibility to ensure no hackers to the user? Why are you still using Yahoo?
How do you conclude this?

I also have gmail, but why should I cut off Yahoo? They have been good to me for years. True, I've had to be patient with their tweeking of the service but in the end it's been fine for my family.
__________________

__________________
Lsbcal is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
9volt battery hack maddythebeagle Other topics 3 11-07-2007 08:22 AM
Hack? One zoned to two zoned A/C Sam Other topics 3 07-13-2007 02:42 PM
Ticker Factory hack :) HobbyDave Other topics 3 05-02-2007 07:26 PM
URL Problem Possible Hack Outtahere Forum Admin 21 05-17-2006 10:43 PM
Yahoo "Finance Quiz" Walker101 FIRE and Money 242 06-15-2004 10:56 AM

 

 
All times are GMT -6. The time now is 09:17 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.