Ranter's Corner: Sony Bastards

 

 From:  Ken (SHIELDSIT)  
 To:  koswix      
38415.8 In reply to 38415.7 
Has Goog rolled out 2 step verification for you fellows yet?



 From:  Ken (SHIELDSIT)  
 To:  koswix      
38415.9 In reply to 38415.7 
Fuck me, they stored your info in plain text! Sony is so awesome!



 From:  koswix   
 To:  Ken (SHIELDSIT)     
38415.10 In reply to 38415.8 
Dunno, what's 2 step verification?


GIVE ME EYERON OR! :@ msg:38140.1

 From:  Ken (SHIELDSIT)  
 To:  koswix      
38415.11 In reply to 38415.10 

You have a main password and a 2nd that is generated every month. You use your phone to generate the 2nd.

 

If you use a new computer you need to generate a 2nd pw. So it doesn't matter if someone gets your main password. As soon as they try to sign in on a different computer they are shut down.




 From:  patch  
 To:  koswix      
38415.12 In reply to 38415.7 

I'm trying out a combination of Dropbox and KeePass for keeping my passwords in. That way I can use the password generation routines in KeePass, and have different passwords for everything.

 

I know it's possibly a bit silly to put the KeePass file in Dropbox, but the password on the KeePass file would be a right bugger to break, and my Dropbox password is pretty good, too.


 From:  koswix   
 To:  Ken (SHIELDSIT)     
38415.13 In reply to 38415.11 
Ah, no. Not yet, although that does sound both good and annoying :|


GIVE ME EYERON OR! :@ msg:38140.1

 From:  Ken (SHIELDSIT)  
 To:  koswix      
38415.14 In reply to 38415.13 

Once you get stuff set up it's not bad. And way safer. Here is a shot of their page about it.

 

You go to www.google.com/accounts to set it up - that's where you'd do it if you can get it.




 From:  milko  
 To:  koswix      
38415.15 In reply to 38415.1 
Heh. It's pretty naughty innit! I am looking forward to seeing what weasel words get employed in the coming week or two.

milko

 From:  Matt  
 To:  patch     
38415.16 In reply to 38415.12 
I've been using KeePass for a couple of years now, it's really good. I still have a couple of places I use my "common" password, one of which just happens to be PSN, which I've now changed.

The only downside to KeePass is it makes it impossible to gain access to a site from anywhere that isn't the machine you have your KeePass database on (except of course if you use Dropbox like you're doing - just don't go using the same password to access your Dropbox account as you do to unlock your KeePass database) and you don't know what the randomly assigned password is.

The upside to that downside is that I tend to buy less things on my lunch break that I don't really need.

Incidentally it was my Steam account that was compromised (though this was before Steam allowed you to save your card details) that instigated the need for me to start using KeePass.

doohicky


 From:  koswix   
 To:  milko     
38415.17 In reply to 38415.15 
I'd like to see them get fined by the ICO for not telling people quickly enough, but I doubt that will happen :(


GIVE ME EYERON OR! :@ msg:38140.1

 From:  patch  
 To:  Matt     
38415.18 In reply to 38415.16 
I think it's possible to use portable versions of KeePass and Dropbox and bung them on a USB stick to carry round, but that just means that I'd have to add a USB stick to my keyring and I'm not too keen on that idea.

 From:  koswix   
 To:  Matt     
38415.19 In reply to 38415.16 

Hmm - I use one strong password for sites/things that are anything to do with money stuff, because I am incapable of remembering more than one strong password :$

 

I would like an app on my laptop, PC and Android that would let me easily store and sync (and generate new ones when registering for sites) passwords. That would be good. Does KeePass do this?



GIVE ME EYERON OR! :@ msg:38140.1

 From:  Ken (SHIELDSIT)  
 To:  koswix      
38415.20 In reply to 38415.19 
You could check into LastPass. That's what I use.



 From:  Peter (BOUGHTONP)  
 To:  Ken (SHIELDSIT)     
38415.21 In reply to 38415.6 
Well, that bit was semi-sarcastic, you don't need lots, but you do need to have more than one.

It shouldn't be possible to access actual customer databases from the Internet - only via applications that indirectly access it (one record at a time, so users can check/modify their own data).
The database itself, and all the software that does bulk stuff should be behind a completely separate firewall, only accessible from within the company network.

In addition to that, sensitive data should be encrypted.
Perhaps the "may" is because credit card data was actually encrypted (but not securely enough to prevent decryption).
Passwords should have been one-way encrypted with a salted hash, including a secret part which is not part of the database, making it near impossible to decrypt passwords if you've only got the database, and very hard even if you also have the source/secret code.

A company the size of Sony which deals with card payments should be independently audited to make sure of all this. :/
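The scheme described in the post above (a per-user salt stored with the hash, plus a secret part kept outside the database), shown as an added example that is not part of the original thread. The HMAC-then-PBKDF2 construction, the iteration count and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the pepper lives outside the database (secrets manager, HSM,
# environment of the auth service). It is generated here only so the example runs.
PEPPER = secrets.token_bytes(32)
PBKDF2_ROUNDS = 200_000  # assumed work factor; tune to your hardware


def derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    """Key the password with the pepper, then stretch it with the per-user salt."""
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ROUNDS)


def hash_password(password: str, pepper: bytes = PEPPER) -> dict:
    """Return the row that goes in the database: salt and hash, never the pepper."""
    salt = secrets.token_bytes(16)  # unique per user, defeats precomputed tables
    return {"salt": salt.hex(), "hash": derive(password, salt, pepper).hex()}


def verify_password(password: str, row: dict, pepper: bytes = PEPPER) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    candidate = derive(password, bytes.fromhex(row["salt"]), pepper)
    return hmac.compare_digest(candidate, bytes.fromhex(row["hash"]))


if __name__ == "__main__":
    row = hash_password("correct horse battery staple")  # constructed sample
    print("stored row:", row)
    print("right password:", verify_password("correct horse battery staple", row))
    print("wrong password:", verify_password("hunter2", row))
    # A copy of the database alone is not enough to test guesses: without the
    # real pepper even the correct password fails to match the stored hash.
    print("right password, no pepper:",
          verify_password("correct horse battery staple", row, pepper=bytes(32)))
```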

 From:  koswix   
 To:  Ken (SHIELDSIT)     
38415.22 In reply to 38415.20 
Does that store your passwords locally or on their servers?


GIVE ME EYERON OR! :@ msg:38140.1

 From:  Matt  
 To:  koswix      
38415.23 In reply to 38415.1 
Presumably, SCEE have PCI DSS compliance in the EU in order to store credit card numbers unencrypted. That means they've fucked up real bad.

doohicky


 From:  koswix   
 To:  Matt     
38415.24 In reply to 38415.23 
You mean they filled in a questionnaire?


GIVE ME EYERON OR! :@ msg:38140.1

 From:  Ken (SHIELDSIT)  
 To:  koswix      
38415.25 In reply to 38415.22 
Just on their servers. LastPass



 From:  Ken (SHIELDSIT)  
 To:  Peter (BOUGHTONP)     
38415.26 In reply to 38415.21 

I know it was sarcastic. I was being dumb.

 

They should know better and I hope they pay for it!




 From:  Matt  
 To:  koswix      
38415.27 In reply to 38415.19 
Yes, but it doesn't do syncing itself. Syncing by Dropbox is a pretty good solution which I hadn't thought about, previously mentioned security concerns considered.

You can get KeePass (KeePassDroid) and Dropbox clients for Android. I haven't tried creating new passwords in KeePassDroid, I just use it to copy passwords from, and the Dropbox client for Android doesn't do automatic sync as far as I can tell (probably so it doesn't munch your bandwidth), rather you download and upload files manually to it.

doohicky

