Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 2 3 [4]

Author Topic: browsers offering to save login details - how to properly stop this  (Read 19937 times)

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: browsers offering to save login details - how to properly stop this
« Reply #45 on: March 07, 2019, 08:03:28 AM »

not sure if that's the same story as i noticed the other day, but apparently the lastpass extension had exploits which would allow hackers to gain access to all passwords. (from 2017 https://www.zdnet.com/article/lastpass-acknowledges-browser-extension-vulnerability-working-on-fix/)
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: browsers offering to save login details - how to properly stop this
« Reply #46 on: March 07, 2019, 10:30:47 AM »

No that's a different story, the one you linked to was discovered and patched prior to being exploited by the bad guys (as far we know).
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5261
    • Thinkbroadband Quality Monitors
Re: browsers offering to save login details - how to properly stop this
« Reply #47 on: March 25, 2019, 04:06:43 PM »

All I can say is I simply couldn't work at a company with that policy.  I wouldn't be able to remember the password from locking my notepad away to getting to the desk.  I can memorise complex passwords (or could, haven't tried in a while), but by the time I had the 30 day reset would come around.

My mum is locked out of her online prescription service because she can't reset her password without going into the GP surgery and she is housebound.

People are incredibly narrow minded when it comes to these things.  I highly suspect the average person has a far worse memory than the people making these decisions.

I did indeed used to use just a couple of password for every site, they have since been compromised and I can't remember every site they were used on so I have no idea if one day I will find a site I used years ago has been compromised.  I can only hope all those sites reset the passwords once they were aware of the issue.

Since storing my passwords in Firefox I have been more random with my passwords.  Facebook doesn't let you use the same password twice, this resorted in me switching from a long password that has never been compromised to a short one to aid memory.  You see how that makes no sense?

If you are truly that paranoid, biometrics is the only answer IMO.
« Last Edit: March 25, 2019, 04:09:45 PM by Alex Atkin UK »
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: browsers offering to save login details - how to properly stop this
« Reply #48 on: March 25, 2019, 06:35:22 PM »

The most bonkers site I have come across re security is a certain UK bank, that invalidate your online details if you go more than (I think) three months, without logging in.  In itself, that would not be so bad, as you then need to reregister, which involves interacting with an old fashioned letter delivered through the letterbox, and of course invalidating the old password and dongle,  and proving your identity.   But... whilst you can  re-register as many times as you like, each time re-register, you also need to use a different email address.    ???

I have no idea why they think that insisting upon a different email address adds anything to security, other than falling into the trap of believing that “because it is more awkward, it must be more secure.” :D
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: browsers offering to save login details - how to properly stop this
« Reply #49 on: March 26, 2019, 08:18:21 AM »

The most bonkers site I have come across re security is a certain UK bank, that invalidate your online details if you go more than (I think) three months, without logging in.  In itself, that would not be so bad, as you then need to reregister, which involves interacting with an old fashioned letter delivered through the letterbox, and of course invalidating the old password and dongle,  and proving your identity.   But... whilst you can  re-register as many times as you like, each time re-register, you also need to use a different email address.    ???

I have no idea why they think that insisting upon a different email address adds anything to security, other than falling into the trap of believing that “because it is more awkward, it must be more secure.” :D

i suspect, in this instance, it's simply bad coding where in realitythe old online "account" hasn't actually been deleted but is still there, hence why the requirement to use a "new" email address". the old email address will still be there in the system somewhere.
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: browsers offering to save login details - how to properly stop this
« Reply #50 on: March 26, 2019, 03:53:26 PM »

i suspect, in this instance, it's simply bad coding where in realitythe old online "account" hasn't actually been deleted but is still there, hence why the requirement to use a "new" email address". the old email address will still be there in the system somewhere.

You may well be right.  But it still leaves me with the feeling that the bank’s implementation of security process, whilst conforming to every tick-box known to the industry,  was entrusted to their “B Team” of programmers.   :)
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: browsers offering to save login details - how to properly stop this
« Reply #51 on: March 26, 2019, 03:55:28 PM »

Given the postal system itself is a security issue, I think a policy of requiring people to go through that process after 3 months is bad for security not good for it.
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: browsers offering to save login details - how to properly stop this
« Reply #52 on: March 26, 2019, 04:36:20 PM »

To be fair, my experience was that of a business account, and of individual persons authorised to access that account on behalf of the company.   

They may argue that if Fred hasn’t logged in for a while, Fred may have left the company, so best to make sure the company is still happy for Fred to have access to the pennies.   So I can sympathise with the fact there’s an innactivity timeout.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: browsers offering to save login details - how to properly stop this
« Reply #53 on: March 29, 2019, 11:33:20 AM »

Then they just ask the administrator of the account to reauthorise Fred to access, no need for a full on postal ID check again.

I just had similar issue with betfair it seems.  I had a horrible process to follow when I had to verify my ID as I refused to send it without written agreement from them the data will be destroyed which they kept refusing, eventually they agreed and my account got "ID verified", then today I tried to login a couple of years later and its disabled for "lack of ID verification", I assume its not a one off thing and they expect people to take this security risk practice at intervals.

Skybet also disabled me after a period of time last year, and bet365 have done it as well, seems common practice in betting industry to routinely disable accounts that arent active, then of course if they want to be used again you have to jump through walls, although in the case of bet365 a phone call was enough, but in my opinion that shouldnt even be needed.  Skybet wanted my photo ID again.
« Last Edit: March 29, 2019, 11:38:31 AM by Chrysalis »
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: browsers offering to save login details - how to properly stop this
« Reply #54 on: March 29, 2019, 01:17:00 PM »

I used my Betfair account for the first time in a long time the other week and logged in with no issues.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: browsers offering to save login details - how to properly stop this
« Reply #55 on: March 30, 2019, 02:31:26 PM »

Well maybe they werent happy with my request and disabled me for that reason who knows, but it states the reason as requiring identity and that was supplied.

Its even been completely closed.

Quote
Access to this account is denied - this account has been closed. Please contact us if you have any questions.
Logged
Pages: 1 2 3 [4]