Bitcoin Forum
April 25, 2014, 03:48:40 AM *
Author Topic: Passwords & Security conception and issues  (Read 592 times)
BCEmporium
February 26, 2011, 11:16:04 PM
 #1

This is in reply to this, but I felt it would be disturbing and go off-topic from what was being discussed there:

If you are worried about the security of your google account set up two factor authentication via sms or cellphone app. http://googleonlinesecurity.blogspot.com/2010/09/moving-security-beyond-passwords.html

I believe this is wrong in concept: "Unfortunately, we often find that passwords are the weakest link in the security chain." The weakest link isn't the password, but commonly the ways you have to recover it.
For Hotmail, for instance, a limited choice of questions, if given the right answer you would probably be easily hacked by someone who knows you. Actually it happened to me, with an ex-girlfriend opening my old mail not knowing the password but, obviously, my mother's name.
Also these options are weaker to dictionary attacks: "where were you born", "the name of your street", "your dog's name", "mother/father name", "car maker"... almost all round up to be common names. So, even if your password is aAjjsEW$$$%%@@hsu89y3 or even more complex and your security question is "What's your father's name?" -> A: Bob, you aren't safer than if the password itself were Bob.

"Two factor" also has a weak spot; what if you lose your cellphone? Or for some reason your operator cancels/changes your number?
comboy
February 26, 2011, 11:55:16 PM
 #2

"Two factor" also has a weak spot; what if you lose your cellphone? Or for some reason your operator cancels/changes your number?

I'm not using it but I believe "two factor" means you need phone AND your password.

For the case of lost phone you generate some backup codes ahead of time and store them safely.

Variance is a bitch!
BCEmporium
February 27, 2011, 12:04:07 AM
 #3

For the case of lost phone you generate some backup codes ahead of time and store them safely.

It's already a feature at some banks here, and it's a pain! Some time ago I had to receive from work but they had changed the mobile operator, so I had to wait a few more days for them to be able to do the transfer, given that online banking wasn't possible without the old, and already deactivated, numbers.
You also can't generate codes ahead of time, the code sent by SMS is only valid for a short period, 1/2 hour or so.
comboy
February 27, 2011, 12:19:45 AM
 #4

You also can't generate codes ahead of time, the code sent by SMS is only valid for a short period, 1/2 hour or so.

Well I was talking about google, not your bank. As I said these are backup codes that you generate in case of lost phone.

PS. http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056287

Variance is a bitch!
BCEmporium
February 27, 2011, 12:23:40 AM
 #5

You also can't generate codes ahead of time, the code sent by SMS is only valid for a short period, 1/2 hour or so.

Well I was talking about google, not your bank. As I said these are backup codes that you generate in case of lost phone.

From what I know, Google works the same way. You can't generate a code to use, let's say, next month. They're valid for a short time also.

You're right. They thought of that one. :)
comboy
February 27, 2011, 12:25:02 AM
 #6

You also can't generate codes ahead of time, the code sent by SMS is only valid for a short period, 1/2 hour or so.

Well I was talking about google, not your bank. As I said these are backup codes that you generate in case of lost phone.

From what I know, Google works the same way. You can't generate a code to use, let's say, next month. They're valid for a short time also.

http://www.google.com/support/accounts/bin/answer.py?answer=1187538

RTFM (that is, Read Their Fantastic Manual)

Variance is a bitch!
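
The distinction the thread settles on, short-lived SMS codes versus backup codes generated ahead of time, sketched as an added example; it is not part of any poster's message and not Google's implementation. The code lengths, the 30-minute lifetime and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

SMS_TTL = 30 * 60  # seconds; assumed, from the "1/2 hour or so" quoted in the thread


def digest(code):
    # Plain SHA-256 keeps the example short; a real store would use a salted, slow hash.
    return hashlib.sha256(code.encode()).hexdigest()


def new_backup_codes(count=10):
    """Generate codes ahead of time; return (codes for the user, hashes for the server)."""
    codes = set()
    while len(codes) < count:  # a set guarantees `count` distinct codes
        codes.add(f"{secrets.randbelow(10**8):08d}")
    return sorted(codes), {digest(c) for c in codes}


def issue_sms_code(now):
    """Create a short-lived code; return (code to send, server-side record)."""
    code = f"{secrets.randbelow(10**6):06d}"
    return code, {"hash": digest(code), "expires": now + SMS_TTL}


def verify_second_factor(code, sms_record, backup_hashes, now):
    """Return 'sms', 'backup' or None. An accepted code is consumed."""
    if sms_record and now <= sms_record["expires"] and hmac.compare_digest(
        digest(code), sms_record["hash"]
    ):
        sms_record["expires"] = -1  # single use: a replay of the same SMS code fails
        return "sms"
    h = digest(code)
    if h in backup_hashes:
        backup_hashes.remove(h)  # no time limit, but each backup code works only once
        return "backup"
    return None
```

The server keeps only hashes of the backup codes, so the printed list the user stores is the single readable copy.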
BCEmporium
February 27, 2011, 12:26:58 AM
 #7

Sorry man! Took a while to get to it. Google decided to show me a "sorry this page isn't available in your language, try PT-BR instead"... so I had to enter the "smart-language carousel". Already corrected the post above.