Old 04-15-2014, 06:56 AM   #41
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 570
Not sure where to start this effort but this seems like a good place.

"Security professionals have said for a long while that we should all add more layers to our verification systems. Two-factor security adds something you have. Often it's a token, such as from SecurID, or it could be a one-off code sent to a mobile phone to prove you have your phone. ATM cards require you to have the card, and know the PIN number." On credit cards, outside of the USA, two-factor security is the norm.

I am suggesting that the people who participate on this forum encourage the websites we use, especially financial ones, to institute 2-factor verification methods. Just drop a quick email and tell them as a customer, you are willing to execute this extra log-in step. Ask your friends to participate via FB, Google+ page, etc.

The technology exists and can be done fairly easily but frankly most of us resist it. So, many companies have worked hard to make their sites as safe as possible. But nowhere as safe as it could be if we as consumers are willing to do more when we log in and force the issue with our providers.

I hope you consider starting this groundswell.
davef is offline   Reply With Quote
Old 04-15-2014, 08:00 AM   #42
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,261
Quote:
Originally Posted by davef View Post
... Two-factor security adds something you have. Often it's a token, such as from SecurID, or it could be a one-off code sent to a mobile phone to prove you have your phone.

...


I hope you consider starting this groundswell.
JMO, but I really don't want to have to refer to a SecurID type device for every financial/retail site I log onto. I believe that reasonable security can be achieved w/o that level, but it certainly is a more secure way to do it, and may be appropriate in many cases.

But financial companies should do the basics. And Vanguard is terrible in this respect. It's been discussed here before, but I think you motivated me to contact them (though I really don't log on there very often). The problems:

1) You enter username on one page, if valid, you proceed to the next page. If invalid, you get a message.
This is very bad. It isn't hard for a robot to find valid usernames. With that info, it can start testing passwords.
2) The max password length is pretty short (forget exactly how many char). But I had to use a shorter PW than what I would normally use with my current 'system'.
This makes #1 even worse.
For me, the real question is just who was affected by this bug? I haven't heard of any actual events. I think they need to take care of basics before going to extremes.

-ERD50
ERD50 is offline   Reply With Quote
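
An added example, not part of ERD50's post and not any site's actual code: the two-page login described in point 1 next to a form that gives the same answer for every username, plus a small audit check that shows which names each form confirms. The account data, function names and the PBKDF2 work factor are made up for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (constructed value for the example)

def hash_password(password: str, salt: bytes) -> bytes:
    # The hash output is fixed-size, so long passwords need no short maximum.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed sample account; the name and password are made up.
USERS = {"alice": make_user("correct horse battery staple 2014")}
# Dummy record so unknown usernames cost the same hashing work as real ones.
DUMMY = make_user("not-a-real-account")

def username_step_leaky(username: str) -> str:
    """Page 1 as described in the post: invalid names get a message."""
    return "enter password" if username in USERS else "unknown username"

def username_step_uniform(username: str) -> str:
    """Hardened page 1: always proceed, decide only after the password."""
    return "enter password"

def login_uniform(username: str, password: str) -> str:
    """One generic failure message for bad username and bad password alike."""
    record = USERS.get(username, DUMMY)
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"]) and username in USERS
    return "welcome" if ok else "login failed"

def names_revealed(step, candidates) -> list:
    """Audit check: which candidate names does a page-1 handler confirm?"""
    baseline = step("no-such-user-probe")
    return [name for name in candidates if step(name) != baseline]

if __name__ == "__main__":
    probe = ["alice", "bob", "carol"]
    print(names_revealed(username_step_leaky, probe))    # ['alice']
    print(names_revealed(username_step_uniform, probe))  # []
```
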
Old 04-15-2014, 08:23 AM   #43
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,634
I doubt we will see two factor authentication widely used soon. It is too much of a PITA for most of us. I tried it with Gmail for a while but found the hassle too much to take and I am patient with this stuff.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Old 04-15-2014, 08:31 AM   #44
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
kcowan's Avatar
 
Join Date: Jul 2006
Location: Pacific latitude 20/49
Posts: 5,705
The CRA has announced that 900 SSNs (SINs) have been compromised and the affected parties will be notified by registered letter. This seems to imply that the affected are not active online users.
__________________
For the fun of it...Keith
kcowan is offline   Reply With Quote
Old 04-15-2014, 08:47 AM   #45
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 2,710
From the point of view of the companies the issue is the cost of losses using the current system versus the cost of upgrading security. Consider how long it has taken to go to chip and pin for credit card losses. If the losses are less than the costs of change then it's just a cost of doing business and you absorb it.
Security measures are evaluated on the risk being mitigated and if the costs benefits don't work out then they are not introduced.
meierlde is offline   Reply With Quote
Old 04-15-2014, 09:15 AM   #46
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 570
Quote:
Originally Posted by meierlde View Post
From the point of view of the companies the issue is the cost of losses using the current system versus the cost of upgrading security. Consider how long it has taken to go to chip and pin for credit card losses. If the losses are less than the costs of change then it's just a cost of doing business and you absorb it.
Security measures are evaluated on the risk being mitigated and if the costs benefits don't work out then they are not introduced.
meierlde - You are right that we are mostly protected, at least our credit cards. I expect if our brokerage accounts are emptied, perhaps someone will provide payback. But the cost to add the second level is really not that much. SS is able to do it.

I recommend using a password generator since it makes my life easier. I am using Keepass. It is copy and paste for user name and password. It works on my computer and tablet. Keeps the URL and the date the password was last updated. I like Keepass because it is offline but many people are happy with online generators.

Like any type of theft, it does not happen often. All theft prevention techniques, from locking house/car, using a bank to store your cash, etc. are inconvenient. In my estimation, two level verification is as easy as using a key to open your front door. And, perhaps provides even more protection for at least as much assets.
davef is offline   Reply With Quote
Old 04-15-2014, 05:01 PM   #47
Thinks s/he gets paid by the post
veremchuka's Avatar
 
Join Date: Oct 2010
Location: irradiated - too close to the nuclear furnace
Posts: 1,294
Quote:
Originally Posted by ERD50 View Post
2) The max password length is pretty short (forget exactly how many char). But I had to use a shorter PW than what I would normally use with my current 'system'.
Vanguard has increased the password length to 20 characters IIRC. If it isn't 20 it is 16, too lazy to check mine. I think 16 is excellent and 20 even better. Mine is a jumble of all different characters and numbers and I feel safe.

As to 2 factor authentication at Vanguard maybe by 2030! I was after them for at least 3 years (as were many based upon the BH site comments when password threads arise) to increase the length of the password and accept case sensitivity.
veremchuka is offline   Reply With Quote
All times are GMT -6.