Actuarial Outpost
 
#21
08-18-2010, 01:03 PM
ShakeNBakes

Quote:
Originally Posted by ahow
Yep, you can do it that way if you are on a computer that you somewhat trust. If you are on a public terminal at the airport or something, you can also get a Yubikey or use Sesame on a USB thumbdrive to do double authentication (they know it's you because they recognize the USB key AND the master password). It has a virtual keyboard built in so you can avoid keyloggers as well for typing your master password.

Here are the features for the free version:
https://lastpass.com/features_free.php

And the $12/yr premium version:
https://lastpass.com/features_premium.php
so you're saying I can install this at home and still access the passwords and stuff from my work PC?? There is a strict ban on installing software on work PCs.

#22
08-18-2010, 01:08 PM
apparition

Quote:
Originally Posted by ahow
On LastPass anyway, you can create multiple sub-profiles with different master passwords, so you could have a master password for banks, one for social media, one for work stuff, etc. If one of those gets compromised, at least it is only for that segment. Assuming you have a strong set of master passwords and aren't at gunpoint, it should be pretty safe and diverse.
i don't see the point in the master password.. i thought it existed to save you from the trouble of remembering multiple passwords..

#23
08-18-2010, 01:12 PM
apparition

Quote:
Originally Posted by ahow
Assuming you have a strong set of passwords and aren't at gunpoint, it should be pretty safe and diverse, and you wouldn't need any kind of password managers
IFYP

#24
08-18-2010, 01:20 PM
Pseudolus

Or you could just PM me all your passwords. Then ask me for them when you need them. I specialize in bank accounts and pay pr0n sites!
__________________
Eunt anni more fluentis aquae
Nec quae praeteriit, iterum revocabitur unda

#25
08-18-2010, 01:31 PM
E

Quote:
Originally Posted by apparition
all you need for a huge disaster is that you either mess up this master password or it somehow gets compromised..

that is zero diversification.. messing up one password is one disaster, messing up this master password is a master disaster..
This is the most common argument I hear against my strategy.

The reality:

  • Most people only have a handful of passwords -- often easily guessed by simply browsing a social network profile or just trying common words. People use these repeatedly (100s of times not even realizing it). One server gets hacked, and the bad guy has access to all your locks. How's that for diversification.
  • Putting varied, long, secure passwords behind one very secure vault collapses your vulnerability points from many to a single point of failure that you control.
  • Password managers make changing passwords routinely a snap. They generate secure passwords for you. All you do is click buttons to make it happen. A monkey could do it.
Is any password strategy 100% foolproof? No.

Is a strategy with a single point of failure better than one with multiple points? Yes.
Last edited by E; 08-18-2010 at 01:41 PM..

#26
08-18-2010, 01:35 PM
E

Quote:
Originally Posted by vividox

Simple sentences such as "iambatman" or "ilikecereal" take weeks to solve.
Maybe, but here's what a lot of folks don't realize.....

If you're a batman nut and you talk about it a lot on Twitter, Facebook, etc. you're giving hackers a huge head start. People give away so much information about their identities without realizing it, and people tend to pick passwords that are meaningful to them personally.

Just think about it (talking to anyone here that uses memorable passwords). How many of them say something about your personality? Your favorite sports team? Favorite food? Children?

Again, just get a password manager, let it generate gibberish for passwords and get some extra sleep at night.
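
Added example (not part of any poster's message): a sketch of what the "generate gibberish" step from posts #25 and #26 amounts to, next to a rough search-space estimate for a word-based password such as "iambatman". The symbol set, the sample word list and the 10,000-word dictionary size are assumptions made for illustration, not values from the thread or from any password manager.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+"          # assumed symbol set, not any product's policy
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)       # 74 characters
ASSUMED_DICTIONARY_SIZE = 10_000  # assumption: a guesser tries common words first
SAMPLE_WORDS = {"i", "am", "bat", "man", "batman", "like", "cereal"}  # constructed

def generate_password(length=16):
    """Pick every character with a CSPRNG; redraw until all four classes appear."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw

def charset_bits(length, alphabet_size):
    """log2 of the search space for independent, uniform characters.
    Slight upper bound for generate_password, whose class rule rejects a few draws."""
    return length * math.log2(alphabet_size)

def min_words(text, words):
    """Fewest dictionary words that tile `text` exactly, or None if impossible."""
    best = [0] + [None] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]

def phrase_bits(text, words, dictionary_size=ASSUMED_DICTIONARY_SIZE):
    """log2 of the search space for word-sequence guessing; None if not all words."""
    count = min_words(text.lower(), words)
    return None if count is None else count * math.log2(dictionary_size)

if __name__ == "__main__":
    print("generated:", generate_password())
    print("random 16 chars: %.1f bits" % charset_bits(16, len(ALPHABET)))
    print("9 lowercase, letter by letter: %.1f bits" % charset_bits(9, 26))
    for candidate in ("iambatman", "ilikecereal", "g943UJ$7eA7d52ax"):
        print(candidate, "as words:", phrase_bits(candidate, SAMPLE_WORDS))
```

The word-based figure assumes the guesser knows nothing about the person; the point made in post #26 is that public personal details shrink it further.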

#27
08-18-2010, 01:39 PM
E

Quote:
Originally Posted by ADoubleDot
That's E for ya. Welcome to S&T.
Don't hate on the hyperbole.

#28
08-18-2010, 01:44 PM
Kenny

Quote:
Originally Posted by ahow
Absolutely not. Here is an example of one of my passwords (note, not actual password, just an example of what one might look like):

g943UJ$7eA7d52ax

It's virtually uncrackable, no one could ever remember it, when I go to the bank/email/facebook website, a yellow bar pops up at the top of the site saying, "Do you want to log in?" I click the "Log In" button and it pastes a 16+ randomized password containing upper and lowercase letters, numbers and symbols in for me. Not only that, but I can share access to my accounts without revealing the password to them. Helpful if I am going to need someone to check an account for me while I'm away. I have 84 sites that I've saved the username and passwords for.

I would actually argue that sites that you don't log in to often are prime sites to use something like LastPass for since there are sites I visit every few months and it usually takes a couple of guesses as to whether the username is one of three that I use on different sites or an email address. Then I have to remember which version of my password I used. If I fail at either of these, I have to do the "Forgot password/username" route and then I have to remember my security question answers.

From a security standpoint, password managers keep your password obfuscated when entering it into a form so keyloggers and other viruses and malware can't get to it.

Unless you just don't go online, I would recommend this as a recommended tool for browsing.
I didn't say you shouldn't store your passwords, I said I doubted the "serious" increase in productivity by having to look up a password and type it in. Clearly, as the level of security and the number of passwords needed increase, the productivity gains would increase, but E's statement was so matter-of-fact as to imply I am wasting half my life because I store my passwords off-line and look them up when I need them. And your single example doesn't change that E's statement was a blanket statement for the world, not for someone that needs 84 different passwords on a daily basis.
__________________
I am a scientist. I am sorry to disappoint you but I have never seen an elf or a troll. But who am I to exclude their existence? - Arni Bjoernsson
You are stupid and evil and do not know you are stupid and evil. ... Dumb students are educated stupid. - timecube.com
Usually while I'm reading, I'm actually thinking about...midgets riding toy horses - Roto


#29
08-18-2010, 01:46 PM
apparition

assuming one does not keep those stupid passwords which could be guessed visiting social network profile:

with the same level of effort you could either break one of those many passwords or that master password... the rewards are VERY different.. that is arbitrage.. i am sure the market will correct itself..

PS: i really need to study at this point.. should there be interesting posts, i will join you people coming monday.. see you

#30
08-18-2010, 01:49 PM
E

Quote:
Originally Posted by Kenny
I didn't say you shouldn't store your passwords, I said I doubted the "serious" increase in productivity by having to look up a password and type it in. Clearly, as the level of security and the number of passwords needed increase, the productivity gains would increase, but E's statement was so matter-of-fact as to imply I am wasting half my life because I store my passwords off-line and look them up when I need them. And your single example doesn't change that E's statement was a blanket statement for the world, not for someone that needs 84 different passwords on a daily basis.
I'm admittedly a nut for improving productivity. I like the fact that I don't have to type in passwords. I have a need to do it daily.

What's also nice is not having to hunt for my wifi password at home every time I need to give it to a guest.

1Password also stores all my software license keys so those are immediately available if I reinstall software. I even store some credit card info in there because I don't like to carry a lot of cards with me.

In the end, it's simply a matter of making information immediately accessible so I don't have to physically search for it and manually enter it.

Will it change your life and bring you closer to enlightenment? Probably not. But it's always nice to put mundane things on autopilot.