• Hi Guest!
    If you appreciate British Car Forum and our 25 years of supporting British car enthusiasts with technical and anicdotal information, collected from our thousands of great members, please support us with a low-cost subscription. You can become a supporting member for less than the dues of most car clubs.
    There are some perks with a member upgrade!
    **Upgrade Now**
    (PS: Subscribers don't see this gawd-aweful banner
Tips
Tips

Logins, passwords, authentications, facial recognition, thumbprints, retinal scanning, BMI, blood pH, etc ...

Share this page

NutmegCT

NutmegCT

Great Pumpkin
Bronze
Offline
As we used to say in network management back in the day ... a fully secure system will be so difficult for users, they'll stop using it. Yeesh.

This morning my bank (yes, really) sends an email to all account holders. In addition to requiring two-factor authentication, now any 'net contact will require either facial or thumbprint verification. And of course, many online accounts no longer send paper statements with return envelopes - they send emails saying "click here to see your statement and pay your bill". Meaning you have to log in to their system to do anything. Facial or thumbprint requires cell phone, and reading statements and account info isn't exactly easy on a small smartphone screen.

Good grief. Most people have over a dozen online accounts: mortgage, credit cards, banking, utility payments, forums, medical appointments, etc.

Various FAQs give suggestions on improving your online security.

1 - Stop reusing passwords
2 - Make your passwords impossible to guess
3 - Avoid certain obvious or easy passwords
4 - Check if your passwords have been exposed
5 - Set up two-factor authentication
6 - Use a password manager
7 - Change your passwords and authentication at least once every 90 days for each account.

I have a few grey hairs ... using a password manager seems like an invitation to even more nightmares. A single file somewhere (the cloud?) records my logins and passwords? If an account requires you to change your password and/or two-factor authentication, how does the password manager handle that? And like most other useful online things, eventually they start charging to use them.

Many people I know say they're close to giving up, ignoring emails saying to "click here to log in to your account" or "click here to read your message" - due to so much spam and phishing. We realize that old fashioned (!) paper records can be stolen, and checks can be stolen - but no one remember ever having that happen. Today we're blasted 24/7 with "how to stay safe from hackers with your online accounts".

How do you guys handle all the logins/passwords/authentications for your online accounts?

Tom M.
Thoreau: "Men have become the tools of their tools."
 
I have a system that I can remember that makes each password unique (for each account). My son, an IT guy, told me about it... and it seems to work. It consists of a name that includes a capital letter, a symbol, a number and something unique to the particular website.
 
NutmegCT said:
have a few grey hairs ... using a password manager seems like an invitation to even more nightmares.
Click to expand...
I'm an Apple user and have an App called 1 Password. Been using it for years and it works great. Integrates seamlessly into my computer's browser (and iPhone as well). Also, but iMac computer auto-fills passwords from a secure keychain. I just click into the user name field on a site and it automatically fills in both name and password. I use complex, unique passwords for every site.
 
Basil said:
I'm an Apple user and have an App called 1 Password. Been using it for years and it works great. Integrates seamlessly into my computer's browser (and iPhone as well). Also, but iMac computer auto-fills passwords from a secure keychain. I just click into the user name field on a site and it automatically fills in both name and password. I use complex, unique passwords for every site.
Click to expand...
I do the same on my MacBook. One additional great thing is that when you change a password, it will ask you if you want to β€œupdate your password β€œ to the new one.
One click and your new password replaces the old one.
 
Thanks - do you also have to do a separate authentication request?
 
I'm similarly asked on my Android phone... to use my thumbprint.
 
Mark - you mean the phone needs your thumbprint to operate? or do you mean various payment apps need your thumbprint?

Thanks.
 
NutmegCT said:
Mark - you mean the phone needs your thumbprint to operate? or do you mean various payment apps need your thumbprint?

Thanks.
Click to expand...
The thumbprint is needed for various log-ins to secure sites (that I approve)... to then autofill the info. The thumbprint can also be used to access the phone (as well as facial recognition).
 
NutmegCT said:
Thanks - do you also have to do a separate authentication request?
Click to expand...
Like Mark, I have to use my finger print in order to sign into my MacBook.
 
Basil said:
Who are you asking?
Click to expand...

Originally was asking Elliott, related to his post four minutes before mine. But generally, is anyone here using two-step authentication for accessing online systems?

Overall, many folks I work with are overwhelmed with all the different usernames, passwords, authentication, biometrics they're being confronted with these days. They're reluctant to use password managers, as that's another hacking angle, and doesn't help them with the authentication or biometrics issues. They're giving up. Even my doctors recognize the problems - but most doctors today work for private corporations, which manage the systems and make the rules.
 
NutmegCT said:
Originally was asking Elliott, related to his post four minutes before mine. But generally, is anyone here using two-step authentication for accessing online systems?

Overall, many folks I work with are overwhelmed with all the different usernames, passwords, authentication, biometrics they're being confronted with these days. They're reluctant to use password managers, as that's another hacking angle, and doesn't help them with the authentication or biometrics issues. They're giving up. Even my doctors recognize the problems - but most doctors today work for private corporations, which manage the systems and make the rules.
Click to expand...
Ok, well, I use two-factor authentication when it's available. One extra layer of security that makes it much more difficult to breach.

In five years: "At the tone, please submit a suitable DNA sample."
 
Basil - did you see the movie "Minority Report"?

Some interesting biometric security systems in there ...
 
Two-step authentication strikes me as quasi-foolproof (though a bit of a pain). At one site I use, I log in with my email and they confirm that followed by an email (or text) to my number.
 
I use a password manager. No way I can remember >100 passwords, especially the ****************** ones that are generated by the manager.

I also use two-factor authentication for some accounts - either a text to my phone or a Symantec credential on my phone that changes the number every 30 seconds. I use that for financial and our Club website admin account.

I have a few accounts that are in the "so what if they are hacked" category. I'm more lax with them.

For iPhone access, I use a fingerprint.

Government websites require changing my password every ** days (it's not consistent between sites). They send me a reminder to do so. When I change it, the password manager asks if I want to save the change.
 
Thanks John. All the steps may be necessary, but it sure adds to the hassle of "going paperless".
 
John Turney said:
Government websites require changing my password every ** days (it's not consistent between sites). They send me a reminder to do so. When I change it, the password manager asks if I want to save the change.
Click to expand...
Working on a classified system, we had to change our passwords very often. Then worst part was, it had to be very complex (min of 14 characters if I recall) and you absolutely could NOT write it down!
 
Basil said:
Working on a classified system, we had to change our passwords very often. Then worst part was, it had to be very complex (min of 14 characters if I recall) and you absolutely could NOT write it down!
Click to expand...
Our classified systems used analog computers, punch cards and combination locks (and occasional guards with guns).
 
Back
Top