Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

2 Pages<12
Options
View
Go to last post Go to first unread
Offline Blackhawk8100  
#16 Posted : Tuesday, October 20, 2015 11:08:32 PM(UTC)
Blackhawk8100


Rank: Administration

Reputation:

Groups: Administrators, Moderator, Registered
Joined: 5/7/2014(UTC)
Posts: 1,941
Man
United States
Location: A Cold Place

Thanks: 6 times
Was thanked: 46 time(s) in 42 post(s)
Originally Posted by: acarzt Go to Quoted Post
That is cool tech, but it does not solve his problem. He needs security while away from his own device.

You can use it on mobile, and it will cross-verify, it may, like I said, needs to be looked into. It is a new tech and I don't know much of it.

Offline acarzt  
#17 Posted : Tuesday, October 20, 2015 11:15:09 PM(UTC)
acarzt


Rank: Advanced Member

Reputation:

Groups: Registered
Joined: 8/4/2003(UTC)
Posts: 3,567
Man
United States
Location: Texas

Thanks: 2 times
Was thanked: 19 time(s) in 19 post(s)
Originally Posted by: Blackhawk8100 Go to Quoted Post
You can use it on mobile, and it will cross-verify, it may, like I said, needs to be looked into. It is a new tech and I don't know much of it.

It's 2 factor authentication, something you are and something you have. The something you have is your "trusted device" which functions as a token, and then the something you are is either your fingerprint or your face. So you have to use a device that you own or trust. You would not want to trust a public computer.

Offline Tatoosh  
#18 Posted : Tuesday, October 27, 2015 12:35:50 PM(UTC)
Tatoosh


Rank: Member

Reputation:

Groups: Registered
Joined: 10/2/2012(UTC)
Posts: 142
Man
United States
Location: ex-expat -

Thanks: 6 times
Here is an article that just attracted my attention because I already have LastPass premium. The factor verification "sounds" pretty spiffy until 1) I lose the USB? or 2) still have to deal with vrii and malware infections. Now turning off autoplay.exe and possibly making it read only might suffice, but I am not sure that the LastPass, with a good browser installed on my USB will still function. And the Sesame utility I still need to figure out.

But it looks kind of promising for anyone that has to access accounts off of computers besides their own at home or a secure work area.

LifeHacer Secure USB

Edited by user Tuesday, October 27, 2015 12:36:23 PM(UTC)  | Reason: added hyperlink

Offline Blackhawk8100  
#19 Posted : Tuesday, October 27, 2015 12:49:33 PM(UTC)
Blackhawk8100


Rank: Administration

Reputation:

Groups: Administrators, Moderator, Registered
Joined: 5/7/2014(UTC)
Posts: 1,941
Man
United States
Location: A Cold Place

Thanks: 6 times
Was thanked: 46 time(s) in 42 post(s)
LastPass is a good service, and I trust them unless they get hacked. :P
Offline Tatoosh  
#20 Posted : Tuesday, October 27, 2015 1:32:54 PM(UTC)
Tatoosh


Rank: Member

Reputation:

Groups: Registered
Joined: 10/2/2012(UTC)
Posts: 142
Man
United States
Location: ex-expat -

Thanks: 6 times
LOL! I suppose so ..kind of like Ashley Madison was an amusing afternoon romp until it wasn't for some. I worry a bit less about LastPass getting hacked than most of the websites I have to use a password with. But that may simply be delusional on my part.
Offline acarzt  
#21 Posted : Tuesday, October 27, 2015 1:53:25 PM(UTC)
acarzt


Rank: Advanced Member

Reputation:

Groups: Registered
Joined: 8/4/2003(UTC)
Posts: 3,567
Man
United States
Location: Texas

Thanks: 2 times
Was thanked: 19 time(s) in 19 post(s)
Hmmm... I suspect that this method puts a file on the USB key that has some kind of encrypted key...

The problem with this is that if you plug your thumb drive into an unknown computer that automatically copies all of your files... now that computer has the file that is your key...

This type of authentication is called a token. And the problem with this type of token... is that the key never changes. So your key could be compromised without you ever knowing. You don't need to lose your USB thumb drive to have your key compromised. Someone just needs to get the data without you knowing...

So.... auto file copy on a public computer, that is also running a key logger... and all of your passwords are compromised.

The solution to this, is having a key that is constantly changed.

In enterprise solutions that use a token as a form of authentication, the key will be changed every 30 minutes. So even if the key get's compromised, it is only vulnerable for a maximum of 30 minutes.

If you want to use this setup, you need to change your key from a trusted computer, every time you plug that USB drive into an untrusted computer.

Offline Tatoosh  
#22 Posted : Tuesday, October 27, 2015 3:00:31 PM(UTC)
Tatoosh


Rank: Member

Reputation:

Groups: Registered
Joined: 10/2/2012(UTC)
Posts: 142
Man
United States
Location: ex-expat -

Thanks: 6 times
Those are important points. I just watched the Sesame FAQ video and it says Sesame generates one time passwords, so I'm not sure a key logger will work, but since I do have to type in my master password to open my LastPass account, a key logger will have half the necessary info, but this is a two factor system so it is not a wide open door.

Key Loggers are a concern in the Internet cafes, of course. Most of my friends, where I might log on their computer, are not techy enough to run a key logger, but since they do not live in a vacuum tube, there is always the remote possibility.

At some point it becomes such tail chaser, I feel like rolling myself up in bubble wrap and throwing myself off a cliff into the stormy grey seas!

But I think, I will try it. If possible, a read only, LastPass/Sesame secured thumbdrive with a browser installed so I browse from the thumb drive, not the host computer. Then I will clasp my hands together and beseech the Fates for a good toss of the dice!

Offline acarzt  
#23 Posted : Tuesday, October 27, 2015 3:18:05 PM(UTC)
acarzt


Rank: Advanced Member

Reputation:

Groups: Registered
Joined: 8/4/2003(UTC)
Posts: 3,567
Man
United States
Location: Texas

Thanks: 2 times
Was thanked: 19 time(s) in 19 post(s)
Originally Posted by: Tatoosh Go to Quoted Post
Those are important points. I just watched the Sesame FAQ video and it says Sesame generates one time passwords, so I'm not sure a key logger will work, but since I do have to type in my master password to open my LastPass account, a key logger will have half the necessary info, but this is a two factor system so it is not a wide open door.

Key Loggers are a concern in the Internet cafes, of course. Most of my friends, where I might log on their computer, are not techy enough to run a key logger, but since they do not live in a vacuum tube, there is always the remote possibility.

At some point it becomes such tail chaser, I feel like rolling myself up in bubble wrap and throwing myself off a cliff into the stormy grey seas!

But I think, I will try it. If possible, a read only, LastPass/Sesame secured thumbdrive with a browser installed so I browse from the thumb drive, not the host computer. Then I will clasp my hands together and beseech the Fates for a good toss of the dice!

The keylogger will capture your master password. The auto copy of all your files on your thumb drive will capture your key.

Your friend's do not need to be tech savy. There are plenty of example of malware that will install a software based keylogger unbeknownst to the user.

You can protect yourself... but it is expensive... Cyber security is a complicated thing... that's by big companies spend millions trying to protect themselves!

Offline Blackhawk8100  
#24 Posted : Tuesday, October 27, 2015 4:37:49 PM(UTC)
Blackhawk8100


Rank: Administration

Reputation:

Groups: Administrators, Moderator, Registered
Joined: 5/7/2014(UTC)
Posts: 1,941
Man
United States
Location: A Cold Place

Thanks: 6 times
Was thanked: 46 time(s) in 42 post(s)
Originally Posted by: Tatoosh Go to Quoted Post
LOL! I suppose so ..kind of like Ashley Madison was an amusing afternoon romp until it wasn't for some. I worry a bit less about LastPass getting hacked than most of the websites I have to use a password with. But that may simply be delusional on my part.

Well, yeah. It is probably protected a LOT more :P

Offline Tatoosh  
#25 Posted : Wednesday, November 18, 2015 9:26:21 PM(UTC)
Tatoosh


Rank: Member

Reputation:

Groups: Registered
Joined: 10/2/2012(UTC)
Posts: 142
Man
United States
Location: ex-expat -

Thanks: 6 times
I guess there are different levels of key loggers? The two factor setup allows for a virtual keyboard that they say defeats "low level" key loggers. So, is that good? Or are low level key loggers very passe these days? I'm tempted to go to two factor login, even knowing acartz well informed doubts. Since the other choice is doing nothing, which seems even a bit more risky.

I also noticed that Amazon is now offering two factor login, though it uses your cellphone to send you a special login pass code. And that tidbit came courtesy of the HH newsfeed. Handy, that.

Offline Blackhawk8100  
#26 Posted : Thursday, November 19, 2015 9:37:33 AM(UTC)
Blackhawk8100


Rank: Administration

Reputation:

Groups: Administrators, Moderator, Registered
Joined: 5/7/2014(UTC)
Posts: 1,941
Man
United States
Location: A Cold Place

Thanks: 6 times
Was thanked: 46 time(s) in 42 post(s)
Originally Posted by: Tatoosh Go to Quoted Post
I guess there are different levels of key loggers? The two factor setup allows for a virtual keyboard that they say defeats "low level" key loggers. So, is that good? Or are low level key loggers very passe these days? I'm tempted to go to two factor login, even knowing acartz well informed doubts. Since the other choice is doing nothing, which seems even a bit more risky.

I also noticed that Amazon is now offering two factor login, though it uses your cellphone to send you a special login pass code. And that tidbit came courtesy of the HH newsfeed. Handy, that.

I would go with 2 Factor Authentication.Always. Period.

Users browsing this topic



2 Pages<12
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.