Actuarial Outpost
 
  #31  
Old 08-18-2010, 01:53 PM
ShakeNBakes's Avatar
ShakeNBakes ShakeNBakes is offline
Official AO Ninja
 
Join Date: May 2005
Location: you can't see me
Studying for my next eye exam
Favorite beer: Guinness - because it's color of ninjas. And delicious.
Posts: 15,855
Default

I have my wifi password on a piece of paper taped to the wireless router. I figure if somebody's breaking into my house, wifi access is the least of my worries.
Reply With Quote
  #32  
Old 08-18-2010, 01:56 PM
E's Avatar
E E is offline
Eddie Smith
SOA AAA
 
Join Date: May 2003
College: UGA
Posts: 8,719
Default

Quote:
Originally Posted by apparition View Post
assuming one does not keep those stupid passwords which could be guessed visiting social network profile:

with the same level of effort you could either break one of those many passwords or that master password... the rewards are VERY different.. that is arbitrage.. I am sure the market will correct itself..

PS: I really need to study at this point.. should there be interesting posts, I will join you people coming Monday.. see you
Respectfully disagree.

Memorable passwords often take the form of GoRaiders! or Ilovepeas.

Random passwords look like LB9_y-oK.Xq_mAe\#ni/3ux.

The latter would probably take years to crack, the former maybe only a few minutes with the right technology and background information.

And yes, studying is much more productive than talking about this right now, so you're making an excellent choice getting out of here. Good luck.
__________________


Learn how FSA exams are different from the prelims

Registration is open for all of our fall 2017 FSA exam online seminars:

ILA-LP | ILA-LFV-U | ILA-LFV-C | ILA-LRM | QFI Core | QFI Adv | G&H Core | G&H Advanced | G&H Specialty

Check out our Technical Skills Course: Excel, VBA, Access, brand new R material, and more!

Follow us on Twitter, Facebook, and LinkedIn
Reply With Quote
  #33  
Old 08-18-2010, 01:59 PM
ahow's Avatar
ahow ahow is offline
Member
CAS
 
Join Date: Nov 2003
Location: Burninating the Indiana
Favorite beer: Stone 11th Anniversary Ale
Posts: 12,196
Default

Quote:
Originally Posted by apparition View Post
I don't see the point in the master password.. I thought it existed to save you from the trouble of remembering multiple passwords..
I'm not sure I understand what you are talking about here. I have one master password that is long and complex but still memorable by using techniques like 'h8' for 'hate' or '2' for 'to', etc. I could even manage to remember this for about 3 master passwords for my banks, personal, and work LastPass profiles. I certainly cannot and would not want to do this for 84 sites, especially when I rotate passwords on those sites regularly.

Quote:
Originally Posted by Kenny View Post
I didn't say you shouldn't store your passwords, I said I doubted the "serious" increase in productivity by having to look up a password and type it in. Clearly, as the level of security and the number of passwords needed increase, the productivity gains would increase, but E's statement was so matter-of-fact as to imply I am wasting half my life because I store my passwords off-line and look them up when I need them. And your single example doesn't change that E's statement was a blanket statement for the world, not for someone that needs 84 different passwords on a daily basis.
The thing is, I covered both ends of the spectrum: it speeds up logging in to frequently used sites and remembers the credentials for sites I rarely use. I'm not sure where the shortcoming is. It's also synced everywhere I go. Offline passwords are not backed up, encrypted, nor available at internet connected locations.
__________________
ahow
Badass
Reply With Quote
  #34  
Old 08-18-2010, 02:03 PM
ahow's Avatar
ahow ahow is offline
Member
CAS
 
Join Date: Nov 2003
Location: Burninating the Indiana
Favorite beer: Stone 11th Anniversary Ale
Posts: 12,196
Default

Quote:
Originally Posted by ShakeNBakes View Post
so you're saying I can install this at home and still access the passwords and stuff from my work PC?? There is a strict ban on installing software on work PCs.
As I mentioned, if you use LastPass Premium, you get access to their IEAnywhere, which is a standalone program that does not require any installation whatsoever. I have a copy in My Documents with a shortcut in the Startup folder of my Start menu. When my computer at work boots up, IEAnywhere starts automatically. When I open Internet Explorer and go to a stored site, a prompt pops up asking if I want to autologin. Simple.
__________________
ahow
Badass
Reply With Quote
  #35  
Old 08-18-2010, 02:07 PM
Kenny's Avatar
Kenny Kenny is offline
Member
Non-Actuary
 
Join Date: Jan 2003
Posts: 6,974
Default

Quote:
Originally Posted by ahow View Post
I'm not sure I understand what you are talking about here. I have one master password that is long and complex but still memorable by using techniques like 'h8' for 'hate' or '2' for 'to', etc. I could even manage to remember this for about 3 master passwords for my banks, personal, and work LastPass profiles. I certainly cannot and would not want to do this for 84 sites, especially when I rotate passwords on those sites regularly.



The thing is, I covered both ends of the spectrum: it speeds up logging in to frequently used sites and remembers the credentials for sites I rarely use. I'm not sure where the shortcoming is. It's also synced everywhere I go. Offline passwords are not backed up, encrypted, nor available at internet connected locations.
Where did I say there was a shortcoming to the choice?
__________________
I am a scientist. I am sorry to disappoint you but I have never seen an elf or a troll. But who am I to exclude their existence? - Arni Bjoernsson
You are stupid and evil and do not know you are stupid and evil. ... Dumb students are educated stupid. - timecube.com
Usually while I'm reading, I'm actually thinking about...midgets riding toy horses - Roto


Reply With Quote
  #36  
Old 08-18-2010, 02:22 PM
vividox's Avatar
vividox vividox is offline
Lead Guitarist
Non-Actuary
 
Join Date: Dec 2008
Favorite beer: Avery Mephistopheles
Posts: 56,034
Default

Quote:
Originally Posted by E View Post
Maybe, but here's what a lot of folks don't realize.....

If you're a Batman nut and you talk about it a lot on Twitter, Facebook, etc. you're giving hackers a huge head start. People give away so much information about their identities without realizing it, and people tend to pick passwords that are meaningful to them personally.

Just think about it (talking to anyone here that uses memorable passwords). How many of them say something about your personality? Your favorite sports team? Favorite food? Children?

Again, just get a password manager, let it generate gibberish for passwords and get some extra sleep at night.
I've never used an English word or name in a password before. Good luck trying to guess one of them.
__________________
This post was crafted using a special blend of herbs and sarcasm.
Reply With Quote
  #37  
Old 08-18-2010, 02:35 PM
mlschop's Avatar
mlschop mlschop is offline
Member
SOA
 
Join Date: Sep 2005
Posts: 36,234
Default

Few questions:

1) Do these applications come up with random passwords for you? If so, how? Do you point them to the "change your password" page for Service X, and they know to change it on that page? If I have to make up a random 26 character PW for each service, and key it in twice (once into Service X, and once into PWApp) I have little interest.

2) I'm not sure I understand ahow's response to yoyo's question. I get PWApp on my Macbook at home. It works great (YAY!). I come to work and want to log into my bank. I can't install PWApp on my work computer. What do I do exactly?

3) How does this work with multiple page authentication? Many banks are now doing multi-page authentication (UserID -> click -> security question -> click -> PW). Some even add a two part "PW" step (PW = keyed in PW plus different PW keyed in on a virtual keyboard). Any clue how these would be handled with a PWApp?
Reply With Quote
  #38  
Old 08-18-2010, 03:28 PM
E's Avatar
E E is offline
Eddie Smith
SOA AAA
 
Join Date: May 2003
College: UGA
Posts: 8,719
Default

Quote:
Originally Posted by mlschop View Post
Few questions:

1) Do these applications come up with random passwords for you? If so, how? Do you point them to the "change your password" page for Service X, and they know to change it on that page? If I have to make up a random 26 character PW for each service, and key it in twice (once into Service X, and once into PWApp) I have little interest.
1Password has a secure generator. It's always just a click away using a plugin that 1P installs in all your browsers. You can tell it how long you want it, number of symbols, number of numbers, and other options. It fills the password directly in the password field. If there are 2 fields, it fills both. You never have to physically key it in -- whether you're just joining a site or changing your password there. It updates your database, and you move on.

Quote:

2) I'm not sure I understand ahow's response to yoyo's question. I get PWApp on my Macbook at home. It works great (YAY!). I come to work and want to log into my bank. I can't install PWApp on my work computer. What do I do exactly?
If you use Dropbox and can access it at work, simply log into your Dropbox account and look for 1password.html. It will bring up the app interface right in your browser and ask for your master pwd. Just key it in, copy your password, and copy it into the password field. You never download anything to the computer you're on.

I can get to 99% of the personal sites I need on my mobile phone. I rarely, rarely sign into personal sites at work. If I need to, I usually just pull up the password on my phone and key it in. But it's a rare event for me.

Quote:

3) How does this work with multiple page authentication? Many banks are now doing multi-page authentication (UserID -> click -> security question -> click -> PW). Some even add a two part "PW" step (PW = keyed in PW plus different PW keyed in on a virtual keyboard). Any clue how these would be handled with a PWApp?
1P handles multi pages beautifully. I don't know how, but it does. It even handles those stupid virtual keypads that some banks use. It just fills it in for you. It fills each successive screen until you're in.

I have some bank sites that ask for 4-5 pieces of info across 3 pages before they let me in.
Reply With Quote
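The kind of generator described in post #38 (a chosen length with a set number of digits and symbols), sketched as an added example that is not part of the thread and is not 1Password's code. The symbol set, the function names and the defaults are assumptions; `entropy_bits` counts how many equally likely passwords the settings allow, which is the property post #32 contrasts with memorable passwords.

```python
import math
import secrets
import string

# Assumed symbol set; real sites differ in which symbols they accept.
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"


def generate_password(length=20, digits=4, symbols=4):
    """Return a password with exactly `digits` digits and `symbols` symbols;
    the remaining positions are ASCII letters. Uses the OS CSPRNG throughout."""
    if digits < 0 or symbols < 0 or digits + symbols > length:
        raise ValueError("digits + symbols must fit within length")
    letters = length - digits - symbols
    chars = [secrets.choice(string.digits) for _ in range(digits)]
    chars += [secrets.choice(SYMBOLS) for _ in range(symbols)]
    chars += [secrets.choice(string.ascii_letters) for _ in range(letters)]
    # Shuffle with the CSPRNG so the class of each position is unpredictable;
    # random.shuffle() with the default generator would not be suitable here.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, digits, symbols):
    """log2 of the number of distinct, equally likely passwords that
    generate_password(length, digits, symbols) can produce."""
    letters = length - digits - symbols
    if min(letters, digits, symbols) < 0:
        raise ValueError("digits + symbols must fit within length")
    # Ways to place the three character classes across the positions.
    arrangements = math.factorial(length) // (
        math.factorial(digits) * math.factorial(symbols) * math.factorial(letters)
    )
    combos = arrangements * 10**digits * len(SYMBOLS)**symbols * 52**letters
    return math.log2(combos)


if __name__ == "__main__":
    # The 26-character case raised in question 1 of post #37.
    print(generate_password(26, digits=5, symbols=4))
    print(f"{entropy_bits(26, 5, 4):.1f} bits")
```
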
  #39  
Old 08-18-2010, 03:47 PM
E's Avatar
E E is offline
Eddie Smith
SOA AAA
 
Join Date: May 2003
College: UGA
Posts: 8,719
Default

Quote:
Originally Posted by vividox View Post
I've never used an English word or name in a password before. Good luck trying to guess one of them.
Scenario:

(not necessarily saying this is you, vividox)

You use great, hard-to-guess passwords. Your memory is excellent. Guessing them would be impossible.

You have 5 of them in use across 50 sites. Let's say 10 sites per password.

You happen to use the same password for some, I don't know, actuarial forum and your bank.

A few years go by, and that forum, who keeps their data in a data center in New Jersey, loses a server. Some guy new to the data center doesn't properly dispose of the server.

Somebody gets the server that has all those forum passwords, including yours. They now have access to your other sites.

End of scenario.

Servers get compromised a lot. I don't know how many times I've been issued a new credit card because somebody got into a customer database at Retailer XYZ.

A password manager lets you easily create hundreds of different passwords so you're never exposed to this risk. It also makes it easy to routinely change those passwords without going through the mnemonic device olympics each time.
Reply With Quote
  #40  
Old 08-18-2010, 03:58 PM
vividox's Avatar
vividox vividox is offline
Lead Guitarist
Non-Actuary
 
Join Date: Dec 2008
Favorite beer: Avery Mephistopheles
Posts: 56,034
Default

Quote:
Originally Posted by E View Post
Scenario:

(not necessarily saying this is you, vividox)

You use great, hard-to-guess passwords. Your memory is excellent. Guessing them would be impossible.

You have 5 of them in use across 50 sites. Let's say 10 sites per password.

You happen to use the same password for some, I don't know, actuarial forum and your bank.

A few years go by, and that forum, who keeps their data in a data center in New Jersey, loses a server. Some guy new to the data center doesn't properly dispose of the server.

Somebody gets the server that has all those forum passwords, including yours. They now have access to your other sites.

End of scenario.

Servers get compromised a lot. I don't know how many times I've been issued a new credit card because somebody got into a customer database at Retailer XYZ.

A password manager lets you easily create hundreds of different passwords so you're never exposed to this risk. It also makes it easy to routinely change those passwords without going through the mnemonic device olympics each time.
That's pretty much a worst-case scenario, and furthermore, if a site did get compromised and cough up its password directory, what are the odds that the person who obtained those passwords would use my username/password in particular, given that there are thousands, maybe hundreds of thousands of other users? Also, how would that person know what other sites I'm on?
__________________
This post was crafted using a special blend of herbs and sarcasm.
Reply With Quote
All times are GMT -4.