Dedicated computer for online banking

[meierlde]

Awesome! Thanks for mentioning this. I will start using it as well!


If someone steals my piece of paper, they won't be able to use it without my "relatively easy" part (plus they won't even understand what accounts that piece is for, what user name I use, etc.)... and I figure it's unlikely that whoever steals or finds the paper is a good computer hacker.

At the point the paper has been stolen you probably loose a lot of other stuff since that implies a breakin, at which point computer security might be down on the list of what to worry about, after things like figuring out what is gone, as well as re-securing the place. I keep a list with all passwords, but the small town where I live every breaking gets in the local daily newspaper, so they are not to common, as contrasted to the big city.

 

[Lsbcal]

...(snip)...
These days, a lot of sites require passwords. It has become quite a burden to remember all of them. Like smjsl's method, I use a common password that's committed to memory (and on the "well hidden" jump drive), and add on a unique prefix and/or suffix to them - depending on the requirements of the website.

Exceptions to this rule are financial passwords, and what I call specific needs passwords. These are unique (don't have any of the common password component) to protect us from someone discovering one of our modified common use passwords and trying to hack away. Only have a few unique passwords to remember - the rest are smjsl's method.
...

Seems that I stumbled upon a similar methodology myself. Perhaps we are not all that unique. However, I think we are way ahead of most internet users.

 

[smjsl]

At the point the paper has been stolen you probably loose a lot of other stuff since that implies a breakin, at which point computer security might be down on the list of what to worry about, after things like figuring out what is gone, as well as re-securing the place.

I can lose the piece of paper in other ways too. Sometimes I take one of them on a trip for example (for emergency less-secure access, after which i would change the password), and could potentially lose it there. Even if someone broke in and got both, the piece of paper and my financial computer, there is nothing they could do with that to access my accounts because
(a) piece of paper does not have "easy-to-remember-but-not-to-guess" part of the passwords (BTW, I have different such parts for each account, so no two important password share any common component)
(b) piece of paper has no indication as to which password applies to which account
(c) piece of paper has no indication of which account has which login id
(d) all information on the piece of paper is itself encoded and requires knowing how to decode it
(e) nothing on the computer remembers these fields

Finally, whatever gets stolen from the house is not worth much ;-)

 

[smjsl]

Hmmm... something weird going on in this thread for me - I cannot get to page 2 in any way, except to start posting a reply in which case I see all other replies. No matter which link I follow, I end up on first page.

Other multi-page threads work just fine... must be some hacking going on here ;-) Wonder if it's just me.

 

[REWahoo]

Other multi-page threads work just fine... must be some hacking going on here ;-) Wonder if it's just me.

+1

Try clearing (not tossing ) your cookies...

 

[target2019]

I have my important stuff at Etrade. They gave me a security key that has a 6 digit number that chances every minute. I have to add this number to then end of my password to log in. Seems foolproof. Do any of the others offer this ?

I never would have thought those tokens could be hacked. This article gives the where and when.

Every thing can be hacked, misused, stolen, it seems.

 

[Stanley]

Here's an idea for those who don't want to use a dedicated computer. Switch to Google's Chrome OS when banking. Apparently, it's security is the best of the browser bunch.

Linux triumphant: Chrome OS resists cracking attempts | ZDNet

 

[Mulligan]

Here's an idea for those who don't want to use a dedicated computer. Switch to Google's Chrome OS when banking. Apparently, it's security is the best of the browser bunch.

Linux triumphant: Chrome OS resists cracking attempts | ZDNet

I just bought a $199 google chromebook for this purpose. I really like it. I just log in and have my main financial websites bookmarked on it for easy access. I won't be so paranoid not to surf with it, but my iPad is my main source for that. Btw - I am impressed with IPads battery durability. I use it daily and browse on it while watching tv. I have had it for over 2 years and haven't noticed any loss of battery strength.

 

[jebmke]

Here's an idea for those who don't want to use a dedicated computer. Switch to Google's Chrome OS when banking. Apparently, it's security is the best of the browser bunch.

Linux triumphant: Chrome OS resists cracking attempts | ZDNet

I think any version of Linux would also do as well -- or close. Requires dual boot or a bootable USB device if you need to keep Windows for other purposes. I keep a bootable flash drive with Ubuntu on it for anything really secure. The flash drive has no persistence.

 

[ERD50]

I think any version of Linux would also do as well -- or close. Requires dual boot or a bootable USB device if you need to keep Windows for other purposes. I keep a bootable flash drive with Ubuntu on it for anything really secure. The flash drive has no persistence.

Maybe you mean this as a good thing - if nothing is stored, maybe that is more secure?

But if not, the Ubuntu flash drive can be set up with persistence. I've done it before, and it is very handy for adding whatever utilities you want, configuring the setup, adding a few docs you may want handy, etc.

I forget how it was done exactly, IIRC it was either an option during install, or just a choice of which file to install. But it was easy, I didn't jump through hoops or have to do any terminal commands or anything.

-ERD50

 

[Katsmeow]

Yes, that's possible, but maybe I overstated it a bit when I said "simple keys". I would use something relatively complex for the KEY#1 and KEY#2, but still easy to remember like a mnemonic for a phrase that I would know.

Some examples:

KEY#1 might be WhTkNtDaH245 (We have Three kids Named Tom dick And harry. 2-4-5 is the letters in the first 3 words)

KEY#2 might be MfIciV273 (My favorite Ice cream Is vanilla, then #'s)

Combine Key#1 and Key#2 with your unique code for that institution to make up the entire password.

I have different ways for doing passwords depending upon how important they are and whether I need to personally remember the passwords.

For a few passwords I have a system like the above.

For passwords for sites that it really doesn't matter I have a common password that I use for all of them and then part that individualizes it for the site.

For the other sites, I want to use unique passwords to each one but I really don't have to remember those passwords.

What works for those and stores most of the rest is Roboform. It can generate random strong passwords based upon the criteria I set (you tell it what special characters and length for example), then it generates a random password. I don't have to remember it. Instead I just have to remember my master password to Roboform. It is like one of those that ERD50 suggests but has some special characters as well.

I feel comfortable with this.

As far as online banking the only sites that really really matter to me for security are my bank and where I have my money (most Vanguard). Those I have strong passwords for and don't use anything even close to those passwords anywhere else. More to the point I log in to those accounts every business day so I would notice if anything untoward was happening.

 

[jebmke]

Maybe you mean this as a good thing - if nothing is stored, maybe that is more secure?

But if not, the Ubuntu flash drive can be set up with persistence. I've done it before, and it is very handy for adding whatever utilities you want, configuring the setup, adding a few docs you may want handy, etc.

I forget how it was done exactly, IIRC it was either an option during install, or just a choice of which file to install. But it was easy, I didn't jump through hoops or have to do any terminal commands or anything.

-ERD50

Yes, actually I have two bootable flash drives. One is non-persistent. The other I use with some tools to break back into a Windows machine if it fails to boot (I support about 50 laptops for TaxAide).