Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 02-19-2013, 11:27 AM   #41
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,697
Quote:
Originally Posted by fritz View Post
...(snip)...
I don't store any passwords on our computer, and Firefox is set to wipe all data (including passwords) when closed. Also use CCleaner to wipe data history upon Firefox close.
...
How does one set Firefox to wipe all data when closed?

I just recently found out about the need to use a Master password in FF.
__________________

__________________
Lsbcal is online now   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 02-19-2013, 11:38 AM   #42
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,878
Quote:
Originally Posted by smjsl View Post
For all those using Lunix, how do you secure it? There are viruses for Linux too, just like for Apple OSes and any other OS. Sure, there are not as many as for Windows, but is that really good enough to protect your life savings?
Anything connected to the internet is vunerable to something. However linux by design is more secure. The main reason is users are not allowed root privileges , same as windows users not running with administrator rights. Windows 7 does a better job at implementing some unix style security under the hood.

I would be more worried about the institution you are connected to being hacked.
__________________

__________________
rbmrtn is offline   Reply With Quote
Old 02-19-2013, 12:01 PM   #43
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,299
Quote:
Originally Posted by smjsl View Post
Quote:
Originally Posted by ERD50
keeping the unique part in a spreadsheet would seem to be OK, you need to couple them with the memorized 'key' to be of any use (I'm using two simple keys - KEY#1&complex-unique&KEY#2).
I personally would be paranoid about a hacker downloading that spreadsheet and if they knew / guessed / found out its meaning, they could potentially use it to crack rest of password, since they'd know the complex part already... (I believe you can seed password cracking programs with a starting string, and maybe there are other ways too.)
Yes, that's possible, but maybe I overstated it a bit when I said "simple keys". I would use something relatively complex for the KEY#1 and KEY#2, but still easy to remember like a mnemonic for a phrase that I would know.

Some examples:

KEY#1 might be WhTkNtDaH245 (We have Three kids Named Tom dick And harry. 2-4-5 is the letters in the first 3 words)

KEY#2 might be MfIciV273 (My favorite Ice cream Is vanilla, then #'s)

Combine Key#1 and Key#2 with your unique code for that institution to make up the entire password.

So if those two keys are kept separate from the spreadsheet, but I keep them on a piece of paper somewhere away from other financial stuff, and I can share it with DW, I think that is tough enough to crack that no one would try hard enough. They would use other means or seek out others (like the bear and hiker joke, I only have to outrun the other guy, not the bear).

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 02-19-2013, 12:31 PM   #44
Recycles dryer sheets
 
Join Date: Aug 2009
Posts: 141
Quote:
Originally Posted by Mulligan View Post
I am seriously thinking of getting a Chromebook, but I admit I am not a computer genius. So let me ask this question to make sure I understand correctly. You are only recommending against Chromebook because you can not store locally and don't want info in the cloud. My intentions are only to conduct transactions online, and print and file documents in my paper file, not store anything anywhere. Chromebooks used in this manner would be a perfectly safe option then because of their setup, and internal safety controls, correct?
Yes.
I have not used Chromium OS personally so I am not aware of any malware issues. If there are none, you are safe (and actually perfect for your needs).
__________________
noelm is offline   Reply With Quote
Old 02-19-2013, 12:45 PM   #45
Recycles dryer sheets
 
Join Date: Sep 2009
Posts: 353
Quote:
Originally Posted by Lsbcal View Post
What if the spreadsheet has a very strong password itself? I think Excel allows a 15 characters.
I am sure this is much better indeed... Still, virus / malware could intercept data in memory potentially, i.e. after your spreadsheet is opened / password is entered; or perhaps they could be excel specific to get to excel data...
__________________
smjsl is offline   Reply With Quote
Old 02-19-2013, 12:59 PM   #46
Full time employment: Posting here.
 
Join Date: Nov 2009
Posts: 510
Quote:
Originally Posted by Lsbcal View Post
How does one set Firefox to wipe all data when closed?

I just recently found out about the need to use a Master password in FF.
These are my FF setups -

Under tools, options:
Content - check block pop up windows
Privacy - check "tell websites I do not want to be tracked". Select "Never remember history" - or select "Use custom browsing mode for history" and "Always use private browsing mode". Check accept cookies from sites (uncheck accept third party cookies). Custom is for if you have issues with websites not working properly w/o allowing cookies. I end up mostly using the latter setting because of this issue (can easily change this setting between Never and Custom).

Private Browsing - Browse the web without saving information about the sites you visit | Firefox Help

Under security uncheck "remember passwords for sites".

Browser add-ons -

click&clean - will wipe all history upon close (use with CCleaner program). Also provides a button you can select that will wipe everything immediately w/o closing browser (belt and suspenders effort when leaving questionable site).
ghostery - blocks 3rd parties (web bugs) while on page
Better Privacy - super cookie safeguard (erases LSO flash cookies - set on close)
WOT (Web of Trust) rates each page you visit and will temporarily prevent you from accessing a suspect page - to let you determine if you want to go to it (has a get me out of here warning and the WOT symbol turns red).

Addtl. FF browser add-ons (good ones to have) -

Adblock plus, Adblock plus pop-up, and Padlock. These block a lot of those annoying ads, and padlock shows (customizable) lock in URL bar for safety when accessing "https" sites. Also have Pocket which is like adding a web page to your favorites, but doesn't mess up your bookmarks. Simply click on the pocket tab in the url and it saves the page for later in a separate location.

Some might have better methods (welcome), but all of this is free and work for me - for a long time now.
__________________
fritz is offline   Reply With Quote
Old 02-19-2013, 01:12 PM   #47
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,697
Quote:
Originally Posted by smjsl View Post
I am sure this is much better indeed... Still, virus / malware could intercept data in memory potentially, i.e. after your spreadsheet is opened / password is entered; or perhaps they could be excel specific to get to excel data...
A few more thoughts on making this even more robust:
1) bury your info within innocuous spread sheet data
2) do not use keywords like "login" or "password"
3) Consider purchasing Keyscrambler an anti-keylogger. I don't currently have this myself.
__________________
Lsbcal is online now   Reply With Quote
Old 02-19-2013, 01:22 PM   #48
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,697
Quote:
Originally Posted by fritz View Post
These are my FF setups -

...
Fritz, thanks for sharing this.

I guess wiping this stuff and not saving non-financial passwords would make things a bit inconvenient which is the price for somewhat better security. For instance, when I visit the library web site it wants my library card's bar code which would be a pain to enter each time. Financial sites do not seem to allow a password to be saved in FF but some do allow the login to be saved.
__________________
Lsbcal is online now   Reply With Quote
Old 02-19-2013, 03:08 PM   #49
Full time employment: Posting here.
 
Join Date: Nov 2009
Posts: 510
Quote:
Originally Posted by smjsl View Post
Awesome! Thanks for mentioning this. I will start using it as well!

For financial passwords, I never store them anywhere digitally. I have a relatively easy part I memorize and more complex part of each password that I write down on 2 pieces of paper stored separately. This way, I don't have to trust any program to store them for me or deliver them to my browser carefully enough without leaving traces in memory, etc.

If someone steals my piece of paper, they won't be able to use it without my "relatively easy" part (plus they won't even understand what accounts that piece is for, what user name I use, etc.)... and I figure it's unlikely that whoever steals or finds the paper is a good computer hacker.
Quote:
Originally Posted by Lsbcal View Post
Fritz, thanks for sharing this.

I guess wiping this stuff and not saving non-financial passwords would make things a bit inconvenient which is the price for somewhat better security. For instance, when I visit the library web site it wants my library card's bar code which would be a pain to enter each time. Financial sites do not seem to allow a password to be saved in FF but some do allow the login to be saved.
I have utilized smjsl's password method for creating/remembering passwords for a long time.

As mentioned in an earlier post - our financial passwords are stored on on a "well hidden" jump drive (in case of memory loss, or if my wife has to carry on with doing this task). It's in code itself...

These days, a lot of sites require passwords. It has become quite a burden to remember all of them. Like smjsl's method, I use a common password that's committed to memory (and on the "well hidden" jump drive), and add on a unique prefix and/or suffix to them - depending on the requirements of the website.

Exceptions to this rule are financial passwords, and what I call specific needs passwords. These are unique (don't have any of the common password component) to protect us from someone discovering one of our modified common use passwords and trying to hack away. Only have a few unique passwords to remember - the rest are smjsl's method.

I emailed our library card info to myself. I utilize Zimbra desktop (free) to obtain and store my gmail/yahoo email off line - I copy and paste the library numbers off the email to the library website when needed. There are other ways to do this - I sent you a PM.
__________________
fritz is offline   Reply With Quote
Old 02-19-2013, 03:52 PM   #50
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 2,726
Another way to accomplish the same thing, is to get Windows 8 professional edition use HyperV, and a usb hard drive and use it as a pass thru hard drive(dedicated), load Windows XP the pass thru hard drive, (i.e. the windows 8 does not see the drive), then in essence you have a dedicated computer for the whatever purpose. (Of course you could also use VMware workstation as well) Virtualization is what most hosting companies now use to host web sites the physical server runs a number of copies of the OS and these copies host the various web sites. Actually its a very old idea IBM first introduced the concept on the 360 with Virtual Machine back in the 1960s. (Now I do admit its not for the faint of heart, you do need to understand what you are doing). Once installed you logon to the virtual machine as if you were logging on to another machine with remote terminal services (this works only on the professional editions of Win XP 7 and 8.)

Or perhaps a bit simpler just load windows on a USB memory stick and use it for financial issues, however you will need additional licenses for office and your anti-virus just as if it were a different physical machine (also applies above as well)
__________________
meierlde is online now   Reply With Quote
Old 02-19-2013, 03:57 PM   #51
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 2,726
Quote:
Originally Posted by smjsl View Post
Awesome! Thanks for mentioning this. I will start using it as well!


If someone steals my piece of paper, they won't be able to use it without my "relatively easy" part (plus they won't even understand what accounts that piece is for, what user name I use, etc.)... and I figure it's unlikely that whoever steals or finds the paper is a good computer hacker.
At the point the paper has been stolen you probably loose a lot of other stuff since that implies a breakin, at which point computer security might be down on the list of what to worry about, after things like figuring out what is gone, as well as re-securing the place. I keep a list with all passwords, but the small town where I live every breaking gets in the local daily newspaper, so they are not to common, as contrasted to the big city.
__________________
meierlde is online now   Reply With Quote
Old 02-19-2013, 03:57 PM   #52
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,697
Quote:
Originally Posted by fritz View Post
...(snip)...
These days, a lot of sites require passwords. It has become quite a burden to remember all of them. Like smjsl's method, I use a common password that's committed to memory (and on the "well hidden" jump drive), and add on a unique prefix and/or suffix to them - depending on the requirements of the website.

Exceptions to this rule are financial passwords, and what I call specific needs passwords. These are unique (don't have any of the common password component) to protect us from someone discovering one of our modified common use passwords and trying to hack away. Only have a few unique passwords to remember - the rest are smjsl's method.
...
Seems that I stumbled upon a similar methodology myself. Perhaps we are not all that unique. However, I think we are way ahead of most internet users.
__________________
Lsbcal is online now   Reply With Quote
Old 02-19-2013, 06:20 PM   #53
Recycles dryer sheets
 
Join Date: Sep 2009
Posts: 353
Quote:
Originally Posted by meierlde View Post
At the point the paper has been stolen you probably loose a lot of other stuff since that implies a breakin, at which point computer security might be down on the list of what to worry about, after things like figuring out what is gone, as well as re-securing the place.
I can lose the piece of paper in other ways too. Sometimes I take one of them on a trip for example (for emergency less-secure access, after which i would change the password), and could potentially lose it there. Even if someone broke in and got both, the piece of paper and my financial computer, there is nothing they could do with that to access my accounts because
(a) piece of paper does not have "easy-to-remember-but-not-to-guess" part of the passwords (BTW, I have different such parts for each account, so no two important password share any common component)
(b) piece of paper has no indication as to which password applies to which account
(c) piece of paper has no indication of which account has which login id
(d) all information on the piece of paper is itself encoded and requires knowing how to decode it
(e) nothing on the computer remembers these fields

Finally, whatever gets stolen from the house is not worth much ;-)
__________________
smjsl is offline   Reply With Quote
Old 02-19-2013, 06:56 PM   #54
Recycles dryer sheets
 
Join Date: Sep 2009
Posts: 353
Hmmm... something weird going on in this thread for me - I cannot get to page 2 in any way, except to start posting a reply in which case I see all other replies. No matter which link I follow, I end up on first page.

Other multi-page threads work just fine... must be some hacking going on here ;-) Wonder if it's just me.
__________________
smjsl is offline   Reply With Quote
Old 02-19-2013, 07:16 PM   #55
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 42,150
Quote:
Originally Posted by smjsl View Post
Other multi-page threads work just fine... must be some hacking going on here ;-) Wonder if it's just me.
+1

Try clearing (not tossing ) your cookies...
__________________
Numbers is hard

When I hit 70, it hit back

Retired in 2005 at age 58, no pension
REWahoo is offline   Reply With Quote
Old 02-19-2013, 09:01 PM   #56
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,710
Quote:
Originally Posted by bmcgonig View Post
I have my important stuff at Etrade. They gave me a security key that has a 6 digit number that chances every minute. I have to add this number to then end of my password to log in. Seems foolproof. Do any of the others offer this ?
I never would have thought those tokens could be hacked. This article gives the where and when.

Every thing can be hacked, misused, stolen, it seems.
__________________
target2019 is offline   Reply With Quote
Old 03-09-2013, 05:03 PM   #57
Recycles dryer sheets
Stanley's Avatar
 
Join Date: Jan 2013
Posts: 194
Here's an idea for those who don't want to use a dedicated computer. Switch to Google's Chrome OS when banking. Apparently, it's security is the best of the browser bunch.

Linux triumphant: Chrome OS resists cracking attempts | ZDNet
__________________
Stanley is offline   Reply With Quote
Old 03-09-2013, 07:32 PM   #58
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Mulligan's Avatar
 
Join Date: May 2009
Posts: 7,384
Quote:
Originally Posted by Stanley
Here's an idea for those who don't want to use a dedicated computer. Switch to Google's Chrome OS when banking. Apparently, it's security is the best of the browser bunch.

Linux triumphant: Chrome OS resists cracking attempts | ZDNet
I just bought a $199 google chromebook for this purpose. I really like it. I just log in and have my main financial websites bookmarked on it for easy access. I won't be so paranoid not to surf with it, but my iPad is my main source for that. Btw - I am impressed with IPads battery durability. I use it daily and browse on it while watching tv. I have had it for over 2 years and haven't noticed any loss of battery strength.
__________________
Mulligan is online now   Reply With Quote
Old 03-10-2013, 03:30 PM   #59
Full time employment: Posting here.
 
Join Date: Jan 2008
Posts: 882
Quote:
Originally Posted by Stanley View Post
Here's an idea for those who don't want to use a dedicated computer. Switch to Google's Chrome OS when banking. Apparently, it's security is the best of the browser bunch.

Linux triumphant: Chrome OS resists cracking attempts | ZDNet
I think any version of Linux would also do as well -- or close. Requires dual boot or a bootable USB device if you need to keep Windows for other purposes. I keep a bootable flash drive with Ubuntu on it for anything really secure. The flash drive has no persistence.
__________________
jebmke is offline   Reply With Quote
Old 03-10-2013, 04:17 PM   #60
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,299
Quote:
Originally Posted by jebmke View Post
I think any version of Linux would also do as well -- or close. Requires dual boot or a bootable USB device if you need to keep Windows for other purposes. I keep a bootable flash drive with Ubuntu on it for anything really secure. The flash drive has no persistence.
Maybe you mean this as a good thing - if nothing is stored, maybe that is more secure?

But if not, the Ubuntu flash drive can be set up with persistence. I've done it before, and it is very handy for adding whatever utilities you want, configuring the setup, adding a few docs you may want handy, etc.

I forget how it was done exactly, IIRC it was either an option during install, or just a choice of which file to install. But it was easy, I didn't jump through hoops or have to do any terminal commands or anything.

-ERD50
__________________

__________________
ERD50 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


 

 
All times are GMT -6. The time now is 09:02 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.