Actuarial Outpost
 
  #351  
Old 04-03-2017, 02:33 PM
ahow
Member
CAS
 
Join Date: Nov 2003
Location: Burninating the Indiana
Favorite beer: Stone 11th Anniversary Ale
Posts: 12,216

Until LastPass stops being forthright in disclosing vulnerabilities or intrusions, I'll stick with them. The way I look at it is that every piece of software has vulnerabilities, so I'll stick to a proven honest company.

Additionally, passwords are too important to go without a password manager, IMO.
__________________
ahow
Badass
  #352  
Old 04-03-2017, 02:54 PM
yoyo
Member
CAS
 
Join Date: Dec 2001
Posts: 20,667

Quote:
Originally Posted by ahow
Until LastPass stops being forthright in disclosing vulnerabilities or intrusions, I'll stick with them. The way I look at it is that every piece of software has vulnerabilities, so I'll stick to a proven honest company.

Additionally, passwords are too important to go without a password manager, IMO.

pretty much what SG said
  #353  
Old 04-20-2017, 11:07 AM
Rick_G
Member
 
Join Date: May 2005
Location: Just south of the Big Chicken
Posts: 2,068

Steve Gibson has a neat utility called the Haystack calculator (needle in a haystack). Adding a few characters to any password can increase the time to defeat a brute force password attack from a few minutes to a few centuries:
https://www.grc.com/haystack.htm
__________________
Rick Groszkiewicz


Now offering online seminars, live seminars, and everything else under the sun for actuarial exams.
EA-2F and EA-2L and EA-1
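The arithmetic behind a brute-force estimate of the kind Rick_G's post refers to, as an added example (not part of the original post and not GRC's code): the search space is the sum of alphabet^k over every length up to the password's, so each extra character multiplies the work by the alphabet size. The character classes, the guess rate and the sample passwords are assumptions.

```python
import string

# Printable-ASCII character classes: 26 + 26 + 10 + 33 = 95 symbols in total.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

UNITS = (("centuries", 3.15576e9), ("years", 3.15576e7), ("days", 86400),
         ("hours", 3600), ("minutes", 60), ("seconds", 1))

def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    if any(not any(c in chars for chars in CLASSES) for c in password):
        raise ValueError("only printable ASCII is modelled in this sketch")
    return sum(len(chars) for chars in CLASSES
               if any(c in chars for c in password))

def search_space(password):
    """Number of candidates of length 1..len(password) over that alphabet."""
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))

def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case exhaustive-search time at an assumed guess rate."""
    return search_space(password) / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return "under a second"

if __name__ == "__main__":
    RATE = 1e11  # assumed offline guess rate, guesses per second
    for pw in ("k7m2p9qa", "k7m2p9qaw4zt", "k7m2p9qaW4z!"):  # constructed samples
        print(f"{len(pw):>2} chars, alphabet {alphabet_size(pw):>2}: "
              f"{humanize(seconds_to_exhaust(pw, RATE))}")
```

This models exhaustive search only; a dictionary or pattern-based attack against a human-chosen password does far better than these figures suggest.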
  #354  
Old 05-24-2017, 03:19 PM
ahow
Member
CAS
 
Join Date: Nov 2003
Location: Burninating the Indiana
Favorite beer: Stone 11th Anniversary Ale
Posts: 12,216

1Password just introduced Travel Mode which I hope LastPass copies. Basically, when you turn on travel mode, it completely clears the vaults you don't mark as "travel safe". It doesn't just hide them, it securely deletes them from your devices. Plus it shows no indication items are missing so it has plausible deniability built in.

Pretty sweet feature.

https://blog.agilebits.com/2017/05/1...ssing-borders/
__________________
ahow
Badass
  #355  
Old 05-24-2017, 09:31 PM
yoyo
Member
CAS
 
Join Date: Dec 2001
Posts: 20,667

Quote:
Originally Posted by ahow
1Password just introduced Travel Mode which I hope LastPass copies. Basically, when you turn on travel mode, it completely clears the vaults you don't mark as "travel safe". It doesn't just hide them, it securely deletes them from your devices. Plus it shows no indication items are missing so it has plausible deniability built in.

Pretty sweet feature.

https://blog.agilebits.com/2017/05/1...ssing-borders/

i don't get it - what's the point/advantage?
  #356  
Old 05-25-2017, 09:26 AM
DownInTexas
Member
SOA
 
Join Date: Jul 2008
Studying for modules
Favorite beer: Shiner
Posts: 4,479

Quote:
Originally Posted by yoyo
i don't get it - what's the point/advantage?

In the US, courts have ruled that border agents do not need a warrant to search your devices.

https://www.nytimes.com/2017/02/14/b...ones.html?_r=0
__________________
Unite & Strengthen

2013-2014 EPL Prediction Contest Champion

2016-2017 EPL Prediction Contest Champion
  #357  
Old 05-25-2017, 10:51 AM
whisper
Member
CAS AAA
 
Join Date: Jan 2002
Location: Chicago
Favorite beer: Hefewizen
Posts: 33,813

Quote:
Originally Posted by DownInTexas
In the US, courts have ruled that border agents do not need a warrant to search your devices.

Agents have been given broad searching authority, and they have been using that authority to extend it to digital devices. I'm not sure that border agents searching your digital devices has actually been tested in the courts yet.
  #358  
Old 05-25-2017, 12:13 PM
ahow
Member
CAS
 
Join Date: Nov 2003
Location: Burninating the Indiana
Favorite beer: Stone 11th Anniversary Ale
Posts: 12,216

Quote:
Originally Posted by whisper
Agents have been given broad searching authority, and they have been using that authority to extend it to digital devices. I'm not sure that border agents searching your digital devices has actually been tested in the courts yet.

I don't believe it's seen a court yet either, but it is basically assumed that there is a 100 mile Constitution-free zone near the borders and also at airports.

The advantage is that if you are compelled at the border to unlock your vault, you could contain the damage of revealing passwords to whatever you chose as travel approved.

The fact that the vaults not approved for travel are completely removed from the device and can only be readded from a separate device adds plausible deniability that you literally can't get to them.
__________________
ahow
Badass
  #359  
Old 06-02-2017, 02:32 PM
echo
Member
 
Join Date: Nov 2002
Posts: 774

Quote:
Hackers have gained access to OneLogin, an online password manager that offers a single sign-on to multiple websites and services.

OneLogin said in a blog post that it couldn't rule out the possibility that hackers got keys to reading encrypted data, such as stored passwords.

Published reports, however, say OneLogin informed customers that the hackers indeed got that capability.
https://phys.org/news/2017-06-hacker...-onelogin.html

There is one thing of primary importance I would expect from a password manager, security for the passwords.

Last edited by echo; 06-02-2017 at 02:46 PM.
  #360  
Old 06-02-2017, 09:45 PM
ahow
Member
CAS
 
Join Date: Nov 2003
Location: Burninating the Indiana
Favorite beer: Stone 11th Anniversary Ale
Posts: 12,216

Quote:
Originally Posted by echo
https://phys.org/news/2017-06-hacker...-onelogin.html

There is one thing of primary importance I would expect from a password manager, security for the passwords.

This just seems odd. On LastPass, your passwords are stored as a private key encrypted blob on LastPass's servers. That means unless they got the encryption key for LastPass's server AND the private key (master password) that I personally control, they really can't do much.

Leaving the server encryption as the only line of defense for a password manager is just stupid and lazy.
__________________
ahow
Badass
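The layering discussed in the post above, as an added sketch (not part of the original thread and not LastPass's or OneLogin's code): the vault is encrypted on the client with a key stretched from the master password, so a server breach yields only an opaque blob. It uses only the Python standard library, so an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a vetted AEAD such as AES-GCM; the iteration count, blob layout and function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune upward for real deployments

def derive_keys(master_password, salt):
    """Stretch the master password, then split into encryption and MAC keys."""
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _xor_keystream(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for a real cipher)."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(master_password, plaintext):
    """Client side: encrypt-then-MAC. Only the returned blob leaves the device."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    body = salt + nonce + _xor_keystream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_blob(master_password, blob):
    """Return the plaintext, or None for a wrong password or a modified blob."""
    if len(blob) < 64:  # salt + nonce + tag is the minimum valid length
        return None
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ciphertext = body[:16], body[16:32], body[32:]
    enc_key, mac_key = derive_keys(master_password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None
    return _xor_keystream(enc_key, nonce, ciphertext)

if __name__ == "__main__":
    vault = b"bank.example: s3cret-constructed-sample"  # constructed sample entry
    stored = seal("correct horse battery staple", vault)  # all the server ever holds
    print(open_blob("correct horse battery staple", stored))  # owner recovers the vault
    print(open_blob("password123", stored))  # wrong master password: None
```

Under this design the master password is the only secret protecting the blob once it leaves the server, which is why its strength and the key-stretching work factor matter.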
All times are GMT -4.