PayPal – We value your feedback

Having just completed a transaction on PayPal, I realised that it was using SMS as a second factor of authentication (2FA). This has been shown to be insecure, so I was looking to see how to change it to a time-based token, e.g. the Google Authenticator app, or use my YubiKey.

The option does not exist.

After searching – PayPal prompted me to complete a survey which I duly completed.
How likely are you to recommend PayPal (0 to 10) – I scored a 5.

How surprised was I when “The survey could not be submitted”.
Cynical? Just a little bit!

Krebs On Security

Yes I’m a geek, I like to know how things work. I also know that the best way to understand things is to look at them when they are broken.

Brian’s site Krebs On Security gives a detailed view of any security issues that are prevalent. I don’t pretend to understand all the details but I at least like to understand that “something” is happening!

 


Online Banking Security – Password Limitations

Money

I use a password manager.
I have a different password for every site.
My passwords are as long and as random as they can be.
I’m extra wary about online banking setup due to the impact of any breach.

I was setting up a new account with a well-known high street bank last night and was amazed that:

The password can only be a maximum of 12 characters.
The password can only contain alphanumeric characters – no punctuation allowed.

There is a secondary question (and two questions for password resets) – these questions are pre-defined and there is no option to choose your own question. (Is my mother’s maiden name or my first employer really a secret?)

My Solution

Don’t answer the questions that are being asked. Store (in the password manager) a long random password that DOES include all available characters against the questions being asked.

Another pet peeve – don’t ask me to provide a subset of characters from my password unless you can explain to me how you can resolve this by only storing a salted hash of my password rather than storing it in plain text.
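The partial-password point above, worked through as an added example that is not part of the original post: a salted hash over the whole password cannot answer a "characters 2, 5 and 9" prompt, and the per-position workaround (an assumption about one way a site might do it, not a description of any bank's system) can be rebuilt offline in at most 12 × 62 guesses. Function names, the sample password and the iteration count are constructed for the example.

```python
import hashlib, hmac, os, string

ALPHABET = string.ascii_letters + string.digits  # alphanumeric only, as the bank requires
ITERATIONS = 2_000  # kept low so the demo runs quickly; production values are far higher

def kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

def store_whole(password: str):
    """Normal storage: one random salt, one hash over the entire password."""
    salt = os.urandom(16)
    return salt, kdf(password, salt)

def verify_whole(candidate: str, record) -> bool:
    salt, digest = record
    return hmac.compare_digest(kdf(candidate, salt), digest)

def store_per_position(password: str):
    """Hypothetical workaround: a separately salted hash per character position."""
    return [store_whole(ch) for ch in password]

def check_positions(records, answers: dict) -> bool:
    """Answer a 'characters 2, 5 and 9' prompt; positions are 1-based."""
    return all(verify_whole(ch, records[pos - 1]) for pos, ch in answers.items())

def audit_per_position(records):
    """Count the offline guesses needed to rebuild the password from the records."""
    recovered, guesses = [], 0
    for record in records:
        for ch in ALPHABET:
            guesses += 1
            if verify_whole(ch, record):
                recovered.append(ch)
                break
    return "".join(recovered), guesses

if __name__ == "__main__":
    password = "k3Xw9ZpQ7aLm"  # constructed sample: 12 alphanumeric characters
    whole = store_whole(password)
    print("whole password verifies:", verify_whole(password, whole))
    print("characters 2, 5, 9 against the whole hash:", verify_whole("397", whole))
    per_pos = store_per_position(password)
    print("per-position prompt verifies:", check_positions(per_pos, {2: "3", 5: "9", 9: "7"}))
    rebuilt, guesses = audit_per_position(per_pos)
    print("rebuilt from stored records:", rebuilt == password, "in", guesses, "guesses")
```

Against the single whole-password hash the same alphabet gives 62^12 candidates, which is the protection the per-position records give up.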

New Toy – Enhanced Security

I just treated myself to one of these.

Still getting it enabled everywhere but looking good so far.

Security – TrueCrypt – Encrypt Your Files

I was recently asked by a customer what steps we take to secure their files. I always use TrueCrypt to encrypt all customer files. This is an overview of how you can use TrueCrypt.

TrueCrypt gives you the ability to store information in a hidden partition that is secure from prying eyes.
Just as importantly the software is easy to use, being almost seamless in use.