 | Forum
Reply | Internet account security, passwords, AI 'hackbots'
at 13:08 17 Oct 2024
It depends…
Probably safe enough, as the App should be installed on a device which will be recognised and trusted. If not, additional information/confirmation should be requested and not just a 5 digit PIN. However, if your device is compromised then you may be at some risk.
Banks are actually quite good when it comes to security though. There will be close scrutiny of the app security/updates and they build in additional safeguards for approving payments or changing personal details. But that safeguard could be a code sent by SMS to the compromised device!
Morale of the story = be cautious when installing new apps on your phone and make sure you apply security updates. I won’t mention VPN apps here, although that could be relevant to some readers.
Do your banking in person at a branch if you want to avoid risks (although app can be very convenient for modern life and also help to quickly identify suspicious activity/payments).
The main threat here is social engineering or phishing, where you are “persuaded” to carry out the attackers actions (that may be making the payment or installing the malware laden app). It’s simple and remarkably effective. Attacks will focus on low hanging fruit, so east and cheap will be preferred to highly technical and complex. |
| Forum
Reply | Internet account security, passwords, AI 'hackbots'
at 11:55 17 Oct 2024
This is great advice.
Worth considering that with MFA enabled on your critical sites, the password manager may be sufficiently secure. The site will fingerprint your device and allow you in when you connect from a trusted device. If you login from a new device (or an upgraded one), the MFA will be triggered, hopefully blocking access for any hacker even if they did steal/guess your password.
For the techies out there, you should find it easy to make good choices. For others, a fairly simple approach which adds security may be best. |
| Forum
Reply | Internet account security, passwords, AI 'hackbots'
at 11:23 17 Oct 2024
You could use a cloud based password manager which integrates with the browser to autofill username and password. You can also look up additional notes for things like “secrets”. They should support both Computer and mobile operating systems, but check the license and device requirements!
That would probably provide the optimal user experience, making it very slick and convenient. |
| Forum
Reply | Internet account security, passwords, AI 'hackbots'
at 23:36 16 Oct 2024
Perhaps! The main threat here is to the security question that some sites use as additional authentication factor. Many sites ask the same questions, so if one system is hacked then the attacker has your “secret” answer for many sites. You can work around this by creating fake/random answers and store them in your password manager. |
| Forum
Reply | Internet account security, passwords, AI 'hackbots'
at 23:26 16 Oct 2024
Brute forcing can be carried out against a stolen copy of an encrypted database - you are right that any decently engineered primary system would have safeguards to throttle and rate limit entries.
With current computing power a 15 character password with no complexity is virtually uncrackable, but for future proofing you may want to go longer or add complexity (quantum computing will be a gamechanger for bruteforcing). |
| Forum
Reply | Internet account security, passwords, AI 'hackbots'
at 23:18 16 Oct 2024
I’ve worked in cyber security for 25+ years so have some insights here.
We ask colleagues to avoid storing passwords in the browser due to the threat of malware compromising your device. In that scenario, passwords stored in the browser could potentially be misused. Malware could also result in a keylogger being installed to capture your passwords at the point of entry.
A dedicated password manager is less risky, but not without flaws especially if cloud based. Cracking all your eggs in one basket means dealing with a very messy omelette. One of the best features of a password manager is the quick creation of truly random and complex passwords which you don’t have to remember or type in. A little black book, non-digital, can be safe if you keep it secure - maybe avoid writing site names in full but use some form of code.
Someone else has suggested MFA. That is the best protection of all, however you do need to consider what happens if you lose your device (or whatever solution provides your additional authentication factor). Also, SMS based MFA is vulnerable to SIM swapping (a social engineering attack on your mobile phone provider) so consider an Authenticator app instead.
Another good suggestion is using a tiered approach. Many services dont really carry much risk, but your main email, social media and anything financial deserves a unique, strong password and MFA.
AI hasn’t made it easier to crack a strong, random password, only a predictable one. Length is strength, so rather that using symbols and numbers you can create a memorable pass phrase by chaining unconnected words. You might be able to construct visual memory triggers to help remember the words, e.g. https://xkcd.com/936/?correct=horse&battery=staple
I’ll stop boring you now… [Post edited 16 Oct 2024 23:31]
|
| Forum
Reply | Best player you've played with / against?
at 09:08 5 Oct 2024
No doubts for me. Against John Wark and with Simon Milton on the pitch at Portman Road. I don’t remember too much of the charity game where I paid to be the right winger, except for having a headed chance in the box at North Stand end - and fluffing it. Milts was so good with the ball but played a very generous game, a fulcrum feeding the forwards or melding with he midfield, not trying to dominate the game - which his skill would have allowed. I seem to recall Wark was up for it and liked getting stuck in.
For a long time I had a regular friendly mates game on a Thursday night, one lad played for a couple of years who was previously on the books at Newcastle United and was seriously good. If his knees had held up he could well have been a first team player. Used to love being on his side but also relished the challenge of being the opponent.
Played with Phil Ham if you want famous instead… |
| Forum
Reply | London Stadium (WHU) - some observations
at 21:16 24 Sep 2024
Crate Brewery is close to the stadium. Serves craft beer and good pizza. Quick walk to Stratford, also close to Hackney Wick station for travel alternative.
I’ve been there when Baseball was on, heaving but friendly. |
| Forum
Reply | Brighton boozers
at 10:42 14 Sep 2024
What sort of beer/food and how far might you walk?
The Windmill and Easy Tiger on Upper North Street are decent. |
| Forum
Reply | Polestar
at 11:32 10 Aug 2024
I had a test drive in a polestar 2 a couple of months ago. Can’t comment on ownership but it was a lovely car, would definitely consider it if going battery electric. Range appears to be good, quality interior, solid and well built, more than fast enough, intuitive controls, smooth ride, good looks (imho). |
| Forum
Reply | Nicedle Friendleve
at 07:51 9 Aug 2024
Wordle 1,147 5/6
🟦⬛🟦⬛⬛
⬛⬛🟦🟦⬛
⬛⬛🟦⬛⬛
⬛🟧🟧🟧🟧
🟧🟧🟧🟧🟧
Should have waited for coffee |
| Forum
Reply | Thursdle
at 07:53 8 Aug 2024
Wordle 1,146 3/6
🟦⬛🟧⬛🟦
🟧⬛🟧⬛🟧
🟧🟧🟧🟧🟧
Good start to the day |
| Forum
Reply | Now that these are the days…
at 19:37 23 May 2024
Ah yes, I forgot the new kit design for next year!
Dress sharp enough and you can join the elite.
Fred Perry and Harrington jacket for home games, Parka for away.
Silk scarf if you want to be a peacock.
Works for any age or gender. |
| Forum
Reply | Now that these are the days…
at 12:49 23 May 2024
Hi SB,
This is a parody thread intended to provide some light hearted relief to the other matters.
The Whoosh smiley on first post could have been further emphasised.
I have nothing but admiration for the site admins and their efforts. I will review earlier reply and edit if I can figure out where I can soften any accusation of unprfessionalism or make it clearer that this is not serious.
Thanks for the input. |
| Forum
Reply | Now that these are the days…
at 09:17 23 May 2024
Yes, I am aware that some have a view that the stewards have taken an overly lenient approach to edgy behaviour in the past, a situation which may be inappropriate in future given the increase in away posters.
I think the limited use of ban hammer may be down to the sheer volume of posts, rather than the low pay and distraction from on the pitch action. Perhaps the site can afford to employ additional staff members if other changes go through.
Or do we need to strengthen the SupporterID schemes, with posters having to provide photographic identity proof before being allowed to post? Unverified visitors could read only…. Personally I think this may go too far and upset traditional posters, some of whom do not wish Big Brother to track there every move!
(Edited to remove I’ll-judged wording that might be interpreted in ways that were not intended)
[Post edited 23 May 2024 13:08]
|
| | Bbmaj
|
Site Scores| Forum Votes: | 72 | | Comment Votes: | 21 | | Prediction League: | 0 | | TOTAL: | 93 |
|
By continuing to use the site, you agree to our use of cookies and to abide by our Terms and Conditions.