Internet Security PSA

Midpack

A lot of us here do transactions online. Maybe I'm the only one, but I was reading some internet security tips this morning, and I never realized this one. I'd noticed the 's', but I assumed it was just to accommodate more traffic (wrong).

And I checked, Vanguard does comply. FWIW...
Most URLs will begin with the familiar "http" before the site's address. News, entertainment and other general interest websites all use this format for their URLs.

But these days, if money is about to change hands or you're asked to share sensitive information such as your Social Security number, it's a good idea to look for a URL with an extra letter, says Andrea Eldridge, CEO and co-founder of Nerds On Call, a computer and electronics repair service based in Redding, Calif.

"Make sure that anytime that you are putting in sensitive information that the Web address starts with 'https' instead of 'http,'" Eldridge says. "That little 's' stands for secure, so the website has to have additional security precautions on the page keeping you safer and a whole lot less likely to have your information stolen."
 
The s makes it relatively more secure, but not totally secure by a long shot.
 
Exactly -- you are still vulnerable if your computer itself is not secure. You could have a keylogger, and if you use the software keyboard provided with Windows to dodge the keyloggers, some hackers can see your desktop and what you are typing on the software keyboard. There are so many ways that one's computer can be compromised.
 
Understood.
 
A lot of sites use http for browsing catalogs, etc and then switch to https for logon, purchase and other features. Https is a little more data intensive although not a big deal for most these days. I think some email programs still use the split between https for signon and http for reading messages. Gmail switched to https for the entire session.
 
https means that the data transmission is encrypted (secure socket layer) so that someone using a sniffer on the network cannot see the text being typed.

However, if the PC you are using has been compromised with a keyboard logger then the letters you type are read before they are encrypted and transmitted over the network.
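
The http/https split described in the posts above can be checked mechanically. This is an added example, not part of the original thread: it parses a page's HTML and reports forms that would submit a password or card field without https. The sample pages, host names and the list of sensitive field-name hints are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Name fragments treated as sensitive are an assumption for this sketch.
SENSITIVE_HINTS = ("pass", "card", "cvv", "ssn")

class FormAudit(HTMLParser):
    """Record every <form>: its absolute submit URL and whether it asks for secrets."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._open = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or relative action resolves against the page's own URL.
            self._open = {"action": urljoin(self.page_url, a.get("action", "")),
                          "sensitive": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            name = a.get("name", "").lower()
            if a.get("type", "").lower() == "password" or any(h in name for h in SENSITIVE_HINTS):
                self._open["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def cleartext_sensitive_forms(page_url, html):
    """Return submit URLs of forms that send sensitive fields without https."""
    audit = FormAudit(page_url)
    audit.feed(html)
    return [f["action"] for f in audit.forms
            if f["sensitive"] and urlsplit(f["action"]).scheme != "https"]

# Constructed sample pages (not real sites).
SAMPLES = {
    "http://shop.example/catalog":
        '<form action="/search"><input type="text" name="q"></form>'
        '<form action="https://shop.example/login"><input type="password" name="pw"></form>',
    "http://theatre.example/seats":
        '<form action="/pay" method="post"><input name="card_number"><input name="cvv"></form>',
}

def audit_samples():
    return {url: cleartext_sensitive_forms(url, html) for url, html in SAMPLES.items()}

if __name__ == "__main__":
    for url, hits in audit_samples().items():
        print(url, "->", hits or "no cleartext submission of sensitive fields")
```

A form served on an http page can still be altered in transit before it reaches the browser, so an https submit URL alone is a weaker guarantee than https for the whole session.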
 
What I do only for key financial sites:
1) type in the last letters of the login
2) defocus -- type in some dummy letters off to the side of the window
3) type in the front letters of the login
4) do same for password (steps 1 - 3)

It won't defeat all keyloggers I'm told but at least the garden variety ones. It may seem a bit of a bother, but it's easy to get used to.

Also, standard procedure is to select "strong" passwords.
 
I do worry about key loggers. I do have "strong" passwords and change them periodically. But I'd never thought of your method, essentially adding superfluous characters. I'll have to try that, thanks!
 
Years ago I noticed some smaller operations didn't use secure connections, but I have not noticed any non-secure connections in years. I always check.
 
Just 3 years ago we were set to buy our season tickets at the little theatre we went to in Baton Rouge and they had now gone on-line which appeared to be great for selecting seats etc, but when it came to pay the site remained as http:, so we wrote a check and mailed it in.

This week I received my secure key from HSBC UK. It is larger than a credit card with a number pad and display. To log on I use a bookmark to get to the site, then enter the username (I have the site "remember" the username so no typing needed). I am then prompted for the answer to a security question. Then I have to key in my 8 digit PIN to the secure key device, and enter the 6 digit number that comes on the display.

Not much chance of a key logger or a phishing site getting around that process.
 
DD uses a similar process to log onto her employer's VPN.
 
I think that periodically changing your passwords is not that useful. Convince me it's worth the effort.
 
I don't think it is useful.

I do think it is important to have a different password for your financial accounts than for less secure sites. e.g. e-mail, Facebook, ER.org etc.

It's more important to have a strong password than one that changes.

A site whose admins can tell you what your password is, should you forget it, is NOT a secure site IMO. Password files should be encrypted and the best that site admins should be able to do is issue a new password.
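
The property described in the post above (admins can issue a new password but cannot tell you the old one) is usually obtained by storing a salted one-way hash rather than reversible encryption. This is an added example, not part of the original thread; it uses PBKDF2-HMAC-SHA256 from the Python standard library, and the iteration count, record layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; slows offline dictionary attacks

def make_record(password):
    """Build what the site stores: salt, work factor, digest. Never the password."""
    salt = secrets.token_bytes(16)  # unique per user, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}

def verify(record, attempt):
    """Re-derive the digest from the login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])

def admin_reset(store, user):
    """The most an admin can do: overwrite the record with a fresh temporary password."""
    temporary = secrets.token_urlsafe(12)
    store[user] = make_record(temporary)
    return temporary

if __name__ == "__main__":
    # Constructed sample data: two users who happen to pick the same password.
    store = {"alice": make_record("sample-passphrase-1"),
             "bob": make_record("sample-passphrase-1")}
    print("same password, same digest?",
          store["alice"]["digest"] == store["bob"]["digest"])
    temporary = admin_reset(store, "alice")
    print("old password still works?", verify(store["alice"], "sample-passphrase-1"))
    print("temporary password works?", verify(store["alice"], temporary))
```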
 
Question for some, "How long is your secure password, and is it random?"
 
I think that periodically changing your passwords is not that useful. Convince me it's worth the effort.
I agree. The fear was someone would get the encrypted password file from the company server and use things like dictionary attacks to crack passwords. If you have strong passwords, crackers won't get to them (or at least didn't used to). Credit card numbers get snatched and used all the time. But how many people do you know that have had their online accounts misused for financial fraud?
 