Mobileread
Barnes & Noble databases hacked
#11  Uncle Robin 10-15-2020, 10:01 AM
Bitwarden does ok for me - I doubt there's much about my life that interests Five Eyes enough to bother cracking the 12-25 character passwords it generates for each website I use. Remembering the master passphrase is much easier than trying to decipher the drunken spider's scrawl that would be any handwritten list I might create.
Reply 

#12  Deskisamess 10-15-2020, 10:23 AM
I've started letting Apple set the complex password for most sites. They are shared to all 3 of my iDevices, and their security is better than most. I also don't let most shopping sites save my payment info, unless it's a site I use regularly.

We use one credit card for most purchases, and can easily check activity. I don't have our main checking account linked to any shopping sites, we have one account we keep low balances in tied to PayPal. But prefer the safety of using the credit card, and Apple Pay when out and about.

The company hubby works for is very serious about security. They routinely send out fake phishing emails etc. to their employees, and employees who fall for them have to go through "Online Safety" meetings etc. They aren't a retail company, but do have government contracts etc. They've done even more of these since the lock-down and so many people working from home using their VPN and company computers. At one time you could use a personal computer with their VPN but they stopped that years ago.
Reply 

#13  gbm 10-15-2020, 10:27 AM
Quote fjtorres
Sensible.

As is, IT thinking on passwords has been evolving and many are rethinking their user system security policies. Biometrics are filtering down to phones and fairly cheap tablets and PCs. Fingerprint readers and, yes, facial recognition, are replacing passwords as the key authentication systems at the user level, even if PINs and passwords remain as a "security blanket". Even security fobs and keys are coming to PCs.

At the corporate level security fobs, keys, and cards and biometrics are the minimum at most well run places and have been for decades.

There's too much compute power out there for even the hardiest password to be trusted for mission critical security.
Using good passwords is ok but I only use a prepaid debit card online with only what I can afford to lose.

I also have two-part verification on all email accounts--yes, I have about five email accounts. When my gmail is accessed from a new IP address or new device I get a notification on two email accounts and all of my android devices.


bernie
Reply 

#14  fjtorres 10-15-2020, 10:36 AM
It isn't paranoia if they're really out to get you.
Reply 

#15  Uncle Robin 10-15-2020, 10:47 AM
Quote fjtorres
It isn't paranoia if they're really out to get you.
"That's just perfectly normal paranoia. Everyone in the Universe has that." - Slartibartfast.
Reply 

#16  j.p.s 10-15-2020, 12:10 PM
Quote Deskisamess
And as Data wonders...
And whether it is attached to the rest of you or not. (e.g. Minority Report)
Reply 

#17  DiapDealer 10-15-2020, 12:55 PM
Quote Uncle Robin
Bitwarden does ok for me - I doubt there's much about my life that interests Five Eyes enough to bother cracking the 12-25 character passwords it generates for each website I use. Remembering the master passphrase is much easier than trying to decipher the drunken spider's scrawl that would be any handwritten list I might create.
Yep. I use Bitwarden (with biometrics that allow me to avoid having to type the master password on my phone) in conjunction with two-factor authentication (Yubikey wherever possible, otherwise authenticator app) on sites where any sensitive personal data is stored. One can even host the Bitwarden server/database on their own in-house hardware if they're extra particular (I'm not).

But all the precautions in the world might not help when someone gets their hands on hardware (either through outright theft or employee negligence).

I control what I can control, and honestly don't worry a lot about the rest (except for being very particular about the number of sites that I will purchase anything from).

I had an account with B&N a long, long time ago, but I've heard nothing from them about this breach. More than likely, that's because I was registered using an email address that's no longer active, and very probably using a credit card I no longer have. *shrug*
Reply 

#18  twowheels 10-15-2020, 01:09 PM
I tried Yubikey for a while, but found it to be too annoying due to not working in all browsers, on all OSes, so I gave up on that and just use TOTP now.

I use KeePass for my password databases, with multiple databases to segregate the risk a bit if one is compromised. I sync the databases myself, and don't use browser plugins for auto-filling the fields.

This works for me, though a few "security features" of some websites make it very difficult at times: for example, sites that won't let you paste into the password field; sites that accept one long password when changing your password, but then won't let you type the same password when trying to log in; sites that say "you have to use special characters, but not that one!", meaning that I have to generate a few times to get one that'll pass; sites that have stupidly short maximum lengths, like 8-12 characters (when NIST suggests 12 as the minimum); or sites that have special character requirements at all. They should just require LONG passwords, without any complexity rules, since complexity rules actually reduce the possible entropy and reduce the size of the search space for brute-force attacks.
Reply 
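A worked check of the entropy argument in the post above (an added example, not written by twowheels or anyone else in the thread): it counts how many passwords of a given length satisfy a "must contain every character class" rule, using assumed class sizes, and compares the resulting bits against a longer password with no rules at all.

```python
import math
from itertools import combinations

# Assumed character classes and sizes for a typical site policy (constructed
# for this example; 32 is the number of printable ASCII punctuation marks).
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}


def unconstrained_count(length, classes=CLASSES):
    """Number of length-n strings over the union of all classes, no rules."""
    return sum(classes.values()) ** length


def all_classes_required_count(length, classes=CLASSES):
    """Number of length-n strings containing at least one character from
    every class ("must have upper, lower, digit and symbol"), counted by
    inclusion-exclusion over the set of classes left out."""
    names = list(classes)
    total = 0
    for k in range(len(names) + 1):
        for left_out in combinations(names, k):
            alphabet = sum(size for name, size in classes.items()
                           if name not in left_out)
            total += (-1) ** k * alphabet ** length
    return total


def entropy_bits(count):
    """Entropy of a uniformly chosen member of a search space of this size."""
    return math.log2(count) if count > 0 else 0.0


def compare_policies():
    """Entropy (bits) of a few policies from the discussion: short with
    complexity rules versus long without them."""
    return {
        "8 chars, all four classes required": entropy_bits(all_classes_required_count(8)),
        "8 chars, no rules": entropy_bits(unconstrained_count(8)),
        "12 chars, lowercase only, no rules": entropy_bits(26 ** 12),
        "12 chars, no rules": entropy_bits(unconstrained_count(12)),
    }


if __name__ == "__main__":
    for policy, bits in compare_policies().items():
        print(f"{policy}: {bits:.1f} bits")
```

The "all classes required" rule can only ever shrink the search space, and a 12-character lowercase-only password already beats an 8-character one with every complexity rule applied.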

#19  DiapDealer 10-15-2020, 01:31 PM
I've not run into any snags with Yubikey yet. Of course I only ever use one browser on only 2 OSes. Plus I rarely have emergencies where I absolutely NEED to easily access all of my stuff away from the home/work environment. Also, Yubikey is typically only one of my 2FA options. If I ever run into an emergency where I need to access my stuff with uncooperative OSes/software, there's still the authenticator app backup.
Reply 

#20  GeorgeYellow 10-18-2020, 08:07 PM
So, more days later and a number of NOOK/BnCloud features are still not working, or working intermittently.

For example, Search on an author like "Patterson" will never complete.

Synchronization still seems to be spotty.

More interesting seems to be the lack of notice - if a service drops and a handful of people notice, will it ever come back?
Reply 
