Bitcoin Forum
September 30, 2016, 03:12:26 AM *
News: Latest stable version of Bitcoin Core: 0.13.0 (New!) [Torrent]. Make sure you verify it.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Passwords & Security conception and issues  (Read 963 times)
BCEmporium
Legendary
*
Offline Offline

Activity: 910



View Profile
February 26, 2011, 11:16:04 PM
 #1

This is in reply to this, but I felt it would disturbing and going off-topic from what was being discussed there:

If you are worried about the security of your google account set up two factor authentication via sms or cellphone app. http://googleonlinesecurity.blogspot.com/2010/09/moving-security-beyond-passwords.html

I believe this is wrong in concept: Unfortunately, we often find that passwords are the weakest link in the security chain. the weakest link isn't the password, but commonly the ways you've to recover it.
For hotmail for an instance, a limited choice of questions, if given the right answer you would probably be easily hacked by someone who knows you. Actually it happened to me, with an ex-girlfriend opening my old mail unknowing the password, but, obviously, my mother's name.
Also these options are weaker to dictionary attacks, "where you born", "the name of your street", "your dog's name", "mother/father name", "car maker"... almost all rounds up to be common names. So, even if your password is aAjjsEW$$$%%@@hsu89y3 or even more complex and your security question is "What's your father name?" -> A: Bob you aren't safer than if the password itself would be Bob

"Two factor" also has a weak spot; what if you lose your cellphone? Or by some reason your operator cancels/changes your number?
1475205146
Hero Member
*
Offline Offline

Posts: 1475205146

View Profile Personal Message (Offline)

Ignore
1475205146
Reply with quote  #2

1475205146
Report to moderator
1475205146
Hero Member
*
Offline Offline

Posts: 1475205146

View Profile Personal Message (Offline)

Ignore
1475205146
Reply with quote  #2

1475205146
Report to moderator
1475205146
Hero Member
*
Offline Offline

Posts: 1475205146

View Profile Personal Message (Offline)

Ignore
1475205146
Reply with quote  #2

1475205146
Report to moderator
The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
comboy
Sr. Member
****
Offline Offline

Activity: 247



View Profile
February 26, 2011, 11:55:16 PM
 #2

"Two factor" also has a weak spot; what if you lose your cellphone? Or by some reason your operator cancels/changes your number?

I'm not using it but I believe "two factor" means you need phone AND your password.

For the case of lost phone you generate some backup codes ahead of time and store them safely.

Variance is a bitch!
BCEmporium
Legendary
*
Offline Offline

Activity: 910



View Profile
February 27, 2011, 12:04:07 AM
 #3

For the case of lost phone you generate some backup codes ahead of time and store them safely.

It's already a feature on some banks here, and it's a pain! Sometime ago I'd to receive from work but they had changed the mobile operator, so I had to wait a few more days for them to able to do the transfer, taken the online banking wasn't possible without the old, and already deactivated, numbers.
You can't also generates codes ahead in time, the code sent by SMS is only valid for a short period, 1/2 hour or so.
comboy
Sr. Member
****
Offline Offline

Activity: 247



View Profile
February 27, 2011, 12:19:45 AM
 #4

You can't also generates codes ahead in time, the code sent by SMS is only valid for a short period, 1/2 hour or so.

Well I was talking about google, not your bank. As I said these are backup codes that you generate in case of lost phone.

PS. http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056287

Variance is a bitch!
BCEmporium
Legendary
*
Offline Offline

Activity: 910



View Profile
February 27, 2011, 12:23:40 AM
 #5

You can't also generates codes ahead in time, the code sent by SMS is only valid for a short period, 1/2 hour or so.

Well I was talking about google, not your bank. As I said these are backup codes that you generate in case of lost phone.

For what I know, Google works the same way. You can't generate a code to use, let's say, next month. They're valid for a short time also.

You're right. They though on that one.  Smiley
comboy
Sr. Member
****
Offline Offline

Activity: 247



View Profile
February 27, 2011, 12:25:02 AM
 #6

You can't also generates codes ahead in time, the code sent by SMS is only valid for a short period, 1/2 hour or so.

Well I was talking about google, not your bank. As I said these are backup codes that you generate in case of lost phone.

For what I know, Google works the same way. You can't generate a code to use, let's say, next month. They're valid for a short time also.

http://www.google.com/support/accounts/bin/answer.py?answer=1187538

RTFM (that is, Read Their Fantastic Manual)

Variance is a bitch!
BCEmporium
Legendary
*
Offline Offline

Activity: 910



View Profile
February 27, 2011, 12:26:58 AM
 #7

Sorry man! Took a while to get to it. Google decided to show me a "sorry this page isn't available on your language, try PT-BR instead"... so I'd to enter in the "smart-language carousel" already corrected the post above.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!