Actuarial Outpost
  #51  
Old 08-18-2010, 09:28 PM
E's Avatar
E E is offline
Eddie Smith
SOA AAA
 
Join Date: May 2003
College: UGA
Posts: 8,812
Default

Quote:
Originally Posted by yoyo View Post
let's say you access personal accounts from your work computer. couldn't IT see those passwords and account logins?
Anything you leave on a work computer is the property of your employer. They can legally do anything they want with it.

Other downsides to using a browser to remember passwords:

* Questionable encryption
* When the hard drive dies, the passwords go with it
* Lack of portability
* Doesn't work across different types of browsers
* Probably doesn't handle as many types of password fields (e.g. virtual keypads)

For a measly $30-$40, you get all that and more. It's a good trade. You can spend $30 in a couple of hours in a bar. Why not spend it once on something that obviously adds lasting value?
__________________


Learn how FSA exams are different from the prelims

Registration is open for all of our spring 2018 FSA exam online seminars:

ILA-LP | ILA-LFV-U | ILA-LFV-C | ILA-LRM | QFI Core | QFI Adv | QFI IRM | G&H Core | G&H Adv | G&H Specialty

Check out our Technical Skills Course: Excel, VBA, Access, brand new R material, and more!

Follow us on Twitter, Facebook, and LinkedIn
Reply With Quote
  #52  
Old 08-18-2010, 11:30 PM
yoyo's Avatar
yoyo yoyo is offline
Member
CAS
 
Join Date: Dec 2001
Posts: 20,878
Default

Quote:
Originally Posted by E View Post
For a measly $30-$40, you get all that and more. It's a good trade. You can spend $30 in a couple of hours in a bar. Why not spend it once on something that obviously adds lasting value?
so, is lastpass your fav? what about keepass?

how secure is the android app? what happens if you lose the phone?
Reply With Quote
  #53  
Old 08-19-2010, 08:28 AM
JMO's Avatar
JMO JMO is offline
Carol Marler
Non-Actuary
 
Join Date: Sep 2001
Location: Back home again in Indiana
Studying for Nothing actuarial.
Posts: 36,396
Default

Quote:
Originally Posted by E View Post
Scenario:

(not necessarily saying this is you, vividox)

You use great, hard-to-guess passwords. Your memory is excellent. Guessing them would be impossible.

You have 5 of them in use across 50 sites. Let's say 10 sites per password.

You happen to use the same password for some, I don't know, actuarial forum and your bank.

A few years go by, and that forum, who keeps their data in a data center in New Jersey, loses a server. Some guy new to the data center doesn't properly dispose of the server.

Somebody gets the server that has all those forum passwords, including yours. They now have access to your other sites.

End of scenario.

Servers get compromised a lot. I don't know how many times I've been issued a new credit card because somebody got into a customer database at Retailer XYZ.

A password manager lets you easily create hundreds of different passwords so you're never exposed to this risk. It also makes it easy to routinely change those passwords without going through the mnemonic device olympics each time.
My AO passwords are never used anywhere else.
And I don't use a password/PIN for banking.
__________________
Carol Marler, "Just My Opinion"

Pluto is no longer a planet and I am no longer an actuary. Please take my opinions as non-actuarial.


Reply With Quote
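
The reuse scenario quoted in the post above can be checked against your own password list. This is an added example, not part of the thread; the vault entries, site names and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault of (site, password) pairs. All values are made up.
SAMPLE_VAULT = [
    ("actuarial-forum.example", "Tr0ub4dor&3"),
    ("mybank.example", "Tr0ub4dor&3"),
    ("webmail.example", "c0rrect-h0rse"),
    ("shop.example", "c0rrect-h0rse"),
    ("payroll.example", "x9!Lq2#vTz7@"),
]

def group_by_password(vault):
    """Group sites by password without keeping plaintext as a dictionary key.

    The HMAC key is random per call, so the tags are useless outside it.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, password in vault:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(site)
    return list(groups.values())

def reuse_groups(vault):
    """Return every set of sites that shares one password, sorted."""
    return sorted(sorted(g) for g in group_by_password(vault) if len(g) > 1)

def exposed_if_breached(vault, breached_site):
    """Sites whose password is known to whoever obtains breached_site's password."""
    for group in group_by_password(vault):
        if breached_site in group:
            return sorted(s for s in group if s != breached_site)
    return []

if __name__ == "__main__":
    print("Shared passwords:", reuse_groups(SAMPLE_VAULT))
    print("Exposed if the forum leaks:",
          exposed_if_breached(SAMPLE_VAULT, "actuarial-forum.example"))
```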
  #54  
Old 08-19-2010, 09:47 AM
ahow's Avatar
ahow ahow is offline
Member
CAS
 
Join Date: Nov 2003
Location: Burninating the Indiana
Favorite beer: Stone 11th Anniversary Ale
Posts: 12,242
Default

Quote:
Originally Posted by mlschop View Post
Few questions:

1) Do these applications come up with random passwords for you? If so, how? Do you point them to the "change your password" page for Service X, and they know to change it on that page? If I have to make up a random 26 character PW for each service, and key it in twice (once into Service X, and once into PWApp) I have little interest.
In LastPass, most of the time it recognizes you are changing a password or making a new account and will generate a new random password automatically with options on the length, types of characters to use, and will even avoid ambiguous characters like 1, l, 0, o, etc. It also has a "Copy" button and an "Accept" button so no copying necessary. It also keeps a record of each generated password just in case.
Quote:
Originally Posted by mlschop View Post
2) I'm not sure I understand ahow's response to yoyo's question. I get PWApp on my Macbook at home. It works great (YAY!). I come to work and want to log into my bank. I can't install PWApp on my work computer. What do I do exactly?
If you use LastPass Premium and Internet Explorer, IEAnywhere is a portable, non-installed app that doesn't require admin rights so you can use it at work. They also have browser bookmarklets if you prefer.
Quote:
Originally Posted by mlschop View Post
3) How does this work with multiple page authentication? Many banks are now doing multi-page authentication (UserID -> click -> security question -> click -> PW). Some even add a two part "PW" step (PW = keyed in PW plus different PW keyed in on a virtual keyboard). Any clue how these would be handled with a PWApp?
LastPass has an option to "Save all entered data" which is useful for sites that use more fields than just username and password. Like E said, it is amazing to zip through logging in to your bank's 4-step website in less than 5 seconds.
__________________
ahow
Badass
Reply With Quote
  #55  
Old 08-19-2010, 09:58 AM
ahow's Avatar
ahow ahow is offline
Member
CAS
 
Join Date: Nov 2003
Location: Burninating the Indiana
Favorite beer: Stone 11th Anniversary Ale
Posts: 12,242
Default

Quote:
Originally Posted by vividox View Post
That's pretty much a worst-case scenario, and furthermore, if a site did get compromised and cough up its password directory, what are the odds that the person who obtained those passwords would use my username/password in particular, given that there are thousands, maybe hundreds of thousands of other users? Also, how would a person know what other sites I'm on?
Most servers keep logs of what IP address you log in from. Once a hacker has that, they could possibly get to your computer. Once they get to your computer, you have unencrypted cookies that are a part of your browser history which tell what sites you go to. Once they have that list, they are golden. Most of this isn't done by a person either. They have servers that do all this in about half a second and can do millions of these queries in a very short time.
Quote:
Originally Posted by vividox View Post
Because it costs $30-40. Are you a salesman or something?
LastPass is free for the basic version (just the browser plugins and bookmarklets). The premium version is 12/yr and includes the smartphone apps, IEAnywhere, and some other higher security options like double authentication using a USB drive.
Quote:
Originally Posted by ADoubleDot View Post
But your browser does that for free. The "master password" is when you log into windows. I don't see having an extra gatekeeper as being useful. Unless you can use it on community computers, but that's a fairly niche need.
Actually, part of setting up LastPass is to import your passwords from FF, Chrome and IE. During this process, it actually shows you all your passwords in plain text since they are unencrypted. Since they are unencrypted in your browser's password manager, if a hacker gets a virus on your computer, they can easily grab all that info.
Quote:
Originally Posted by yoyo View Post
let's say you access personal accounts from your work computer. couldn't IT see those passwords and account logins?
If you are typing them in by hand, probably yes, since they might have a keylogger installed on your computer. If you use LastPass or 1Password, they obfuscate the copying of the password so no one can see what it is, log the keystrokes, or see the contents of the copy/paste clipboard.
Quote:
Originally Posted by yoyo View Post
so, is lastpass your fav? what about keepass?

how secure is the android app? what happens if you lose the phone?
I like LastPass. E likes 1Password, but it isn't as mature for Windows. Also, for me, 1Password's Dropbox sync doesn't work on my work computer since Dropbox is blocked. I used to use KeePass but it required some macro hacking for logging in to multi-step sites which made it less convenient.
__________________
ahow
Badass
Reply With Quote
  #56  
Old 08-19-2010, 02:28 PM
E's Avatar
E E is offline
Eddie Smith
SOA AAA
 
Join Date: May 2003
College: UGA
Posts: 8,812
Default

Quote:
Originally Posted by ahow View Post
If you are typing them in by hand, probably yes, since they might have a keylogger installed on your computer. If you use LastPass or 1Password, they obfuscate the copying of the password so no one can see what it is, log the keystrokes, or see the contents of the copy/paste clipboard.
That's a good point by ahow that I forgot to mention.

Another benefit of an autofilling password manager is that it won't give you the autofill option if the domain in the url doesn't match. This provides some basic protection against phishing.

In other words, if you accidentally ended up at mybank.ru instead of mybank.com, you'd immediately know something is up because the password manager isn't letting you autofill. Sometimes all it takes is a brief break to "come to" and realize you're about to be duped.

Again, add all this stuff up, and the nominal time and money investment in a password manager is well worth it.
Reply With Quote
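
The domain check described in the post above (no autofill offer on mybank.ru for a login saved at mybank.com) can be sketched as follows. This is an added example, not part of the thread and not any password manager's actual code; the function names, the HTTPS-only policy and the evil.example URLs are assumptions.

```python
from urllib.parse import urlsplit

def origin_of(url):
    """Return (scheme, host, port) for an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname      # lower-cased; drops any "user:pass@" prefix
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return parts.scheme, host.rstrip("."), port

def should_offer_autofill(saved_url, page_url, allow_subdomains=False):
    """Decide whether a credential saved for saved_url may be offered on page_url."""
    saved, page = origin_of(saved_url), origin_of(page_url)
    if saved is None or page is None:
        return False
    saved_scheme, saved_host, saved_port = saved
    page_scheme, page_host, page_port = page
    # Policy assumption: never fill into a cleartext page.
    if page_scheme != "https":
        return False
    if (saved_scheme, saved_port) != (page_scheme, page_port):
        return False
    if page_host == saved_host:
        return True
    # Optional looser rule: accept subdomains, compared on a label boundary so
    # "notmybank.com" and "mybank.com.evil.example" do not match "mybank.com".
    return allow_subdomains and page_host.endswith("." + saved_host)

# Constructed page URLs, checked against a login saved for mybank.com.
SAVED = "https://mybank.com/login"
CASES = [
    "https://mybank.com/account",
    "https://mybank.ru/login",
    "https://mybank.com@mybank.ru/login",      # real host is mybank.ru
    "https://mybank.com.evil.example/login",
    "http://mybank.com/login",
]

if __name__ == "__main__":
    for url in CASES:
        print(f"{url:45} offer autofill: {should_offer_autofill(SAVED, url)}")
```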
  #57  
Old 08-20-2010, 09:38 AM
ahow's Avatar
ahow ahow is offline
Member
CAS
 
Join Date: Nov 2003
Location: Burninating the Indiana
Favorite beer: Stone 11th Anniversary Ale
Posts: 12,242
Default

From Lifehacker yesterday afternoon:
http://lifehacker.com/5617074/your-p...ong-to-be-safe

Quote:
Your Password Should Be At Least 12 Random Characters Long to Be Safe:
According to a study at Georgia Tech Research Institute, your password should be at least 12 random characters long (and include letters, numbers, and symbols) if you want to consider yourself safe from brute force password hacks. From MSNBC: "'Eight-character passwords are inadequate now ... If eight characters is all you use, and if you restrict your characters to only alphabetic letters, it can be cracked in minutes,' said Richard Boyd, a senior researcher at GTRI." We've highlighted how easily common passwords can be hacked, but even if you've got a system auto-generating your passwords, you may want to make sure you're going for at least 12. It may seem like a lot to remember (because it is), but that's where a great password management solution comes in handy. [MSNBC via @wjrothman]
__________________
ahow
Badass
Reply With Quote
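
The generator options described in post #54 (length, character types, avoiding ambiguous characters) and the 8-versus-12-character comparison quoted in the post above can be shown together. This is an added example, not part of the thread and not LastPass's code; the ambiguous-character set, the symbol list and the function names are assumptions.

```python
import math
import secrets
import string

# Assumptions (not LastPass's actual lists): which characters count as
# ambiguous, and which symbols are allowed.
AMBIGUOUS = set("1lI0Oo")
SYMBOLS = "!@#$%^&*-_=+"

def build_classes(lower=True, upper=True, digits=True, symbols=True,
                  avoid_ambiguous=True):
    """Return the enabled character classes, minus ambiguous characters."""
    chosen = [
        (lower, string.ascii_lowercase),
        (upper, string.ascii_uppercase),
        (digits, string.digits),
        (symbols, SYMBOLS),
    ]
    classes = []
    for enabled, chars in chosen:
        if enabled:
            if avoid_ambiguous:
                chars = "".join(c for c in chars if c not in AMBIGUOUS)
            classes.append(chars)
    if not classes:
        raise ValueError("at least one character class must be enabled")
    return classes

def generate_password(length=12, classes=None):
    """Uniformly random password containing at least one char of each class."""
    classes = classes or build_classes()
    if length < len(classes):
        raise ValueError("length is too short to cover every selected class")
    alphabet = "".join(classes)
    while True:
        # secrets uses the OS CSPRNG. Rejecting candidates that miss a class
        # keeps every accepted password equally likely.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate

def search_space_bits(length, alphabet_size):
    """Upper bound on brute-force work: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    size = len("".join(build_classes()))
    print(generate_password(12))
    print(f"8 letters (a-z only): {search_space_bits(8, 26):.1f} bits")
    print(f"12 chars from {size}-char alphabet: {search_space_bits(12, size):.1f} bits")
```

Each extra bit doubles the number of guesses, so the gap between the two printed figures is the difference the quoted study is pointing at.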
  #58  
Old 08-20-2010, 09:41 AM
E's Avatar
E E is offline
Eddie Smith
SOA AAA
 
Join Date: May 2003
College: UGA
Posts: 8,812
Default

Quote:
Originally Posted by ahow View Post
From Lifehacker yesterday afternoon:
http://lifehacker.com/5617074/your-p...ong-to-be-safe
Right, and they go on to link to an article recommending a password manager. Shocking!
Reply With Quote
  #59  
Old 08-20-2010, 11:11 PM
yoyo's Avatar
yoyo yoyo is offline
Member
CAS
 
Join Date: Dec 2001
Posts: 20,878
Default

Steve Gibson has given his seal of approval for LastPass. That's pretty solid for me. I've installed it and just started using it. Pretty slick.
Reply With Quote
  #60  
Old 08-21-2010, 09:38 AM
E's Avatar
E E is offline
Eddie Smith
SOA AAA
 
Join Date: May 2003
College: UGA
Posts: 8,812
Default

Quote:
Originally Posted by yoyo View Post
Steve Gibson has given his seal of approval for LastPass. That's pretty solid for me. I've installed it and just started using it. Pretty slick.
Smart move. As long as you use a strong password for your master password, you'll be in great shape.
Reply With Quote
All times are GMT -4. The time now is 12:10 PM.