
Man, Sometimes This Stuff Is Just Weird...


Jud


1 hour ago, Jud said:

 

There are a few of these apps. I use LastPass. You want to look at how securely they hold your information, since they make quite tempting targets.

 

I was using LastPass, I quit for a reason I can't remember right now. I will try to remember and get back to you.

No electron left behind.

Link to comment
2 hours ago, Paul R said:

 

Does it supply two phase authentication in any way?  I am finding that is about the only thing that slows down the bad guys if they are really intent on getting into your account. 

 

-Paul 

 

 

You mean 2 factor?

 

yes, via the YubiKey and an Authenticator app.

 

There is also a secret key that is only on my computer, and my master password that is only in my head, needed to get into my account.

 

So even if by some miracle you figured out my password, you would still need my secret key and code from my authenticator app to decrypt anything.

 

https://support.1password.com/yubikey/

No electron left behind.

Link to comment
45 minutes ago, AudioDoctor said:

 

You mean 2 factor?

 

yes, via the YubiKey and an Authenticator app.

 

There is also a secret key that is only on my computer, and my master password that is only in my head, needed to get into my account.

 

So even if by some miracle you figured out my password, you would still need my secret key and code from my authenticator app to decrypt anything.

 

https://support.1password.com/yubikey/

 

Well, two phase, two factor, and two step authentication are all a bit different one from the other, but any of them is better than nothing. 

 

I like the way you are set up.  It is quite similar to mine. 

 

-Paul 

 

Anyone who considers protocol unimportant has never dealt with a cat DAC.

Robert A. Heinlein

Link to comment
43 minutes ago, AudioDoctor said:

@Jud, if I had previously logged in at my computer, I am not screwed as the app then remembers that computer and won't ask for it (the authenticator app code) there again. I would just be out a phone that would be utterly useless to anyone but me.

 

If you want it to work that way. More secure to do 2FA all the time.

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment
59 minutes ago, AudioDoctor said:

 

I was using LastPass, I quit for a reason I can't remember right now. I will try to remember and get back to you.

 

Friend who does neurology research (formerly in Europe, then was recruited to China - time was that would have been the US) recommended it over others.

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment
2 hours ago, Paul R said:

How so?  They would either need my fingerprint or my face to do 2Phase authentication. It isn't perfect, but it is significantly better than a password by itself. 

 

Besides, if someone steals my phone it is going to get bricked pretty much the first time they use it.  :)

 

-Paul 

 

 

The way I would attack this is to switch the face or fingerprint attached to the "Paul R" record on your phone. But I'd have to get hold of your phone while it was "awake." 

 

Edit: Actually that's not true, at least on iPhone. You can enter a PIN instead.

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment
10 minutes ago, Jud said:

 

The way I would attack this is to switch the face or fingerprint attached to the "Paul R" record on your phone. But I'd have to get hold of your phone while it was "awake." 

 

Edit: Actually that's not true, at least on iPhone. You can enter a PIN instead.

Yep, but 10 entries of an incorrect PIN bricks the phone. To change the fingerprint entries, you need either the password or my fingerprint.  Like I said, it isn't possibly to circumvent by any means, but it is difficult enough to keep the kiddies out...

 

The way you are doing it is probably better though.  :)

 

-Paul 

 

Anyone who considers protocol unimportant has never dealt with a cat DAC.

Robert A. Heinlein

Link to comment
2 minutes ago, Paul R said:

Yep, but 10 entries of an incorrect PIN bricks the phone. To change the fingerprint entries, you need either the password or my fingerprint.

 

If I steal your phone, hack your computer to find your probable password and change the fingerprint and associated records, how do you prove it's your phone?  😉

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment
2 hours ago, Jud said:

 

If you want it to work that way. More secure to do 2FA all the time.

 

Jud, you seem a bit paranoid about all this?  Are you hiding state secrets on your computer or communicating with Julian Assange?

 

Who on earth is going to go through all the trouble to circumvent 2FA to get at my computer only to see how boring I am?

No electron left behind.

Link to comment
2 hours ago, Jud said:

 

Friend who does neurology research (formerly in Europe, then was recruited to China - time was that would have been the US) recommended it over others.

 

If I remember correctly it was because LastPass stopped working reliably on Mac and the support from them was nonexistent.

No electron left behind.

Link to comment
1 hour ago, Jud said:

 

If I steal your phone, hack your computer to find your probable password and change the fingerprint and associated records, how do you prove it's your phone?  😉

 

The SIM record, which has its own set of protections.  I see what you are saying, but first, my phone and my computer both have multiple authorizations on them, and the apps on the phone also have multiple authorizations. So if someone gained access to the phone, and changed the fingerprint record, the first thing that would happen is all my other devices would get a request to approve access for the phone. 

 

Again, it is not perfect, but it isn't as easy to hack through - for normal people at least - as it might look like. If I were to draw the attention or ire of one of the people who could hack that, I would be hosed anyway. No defending against those kinds of folks, at least, not practically. 

Anyone who considers protocol unimportant has never dealt with a cat DAC.

Robert A. Heinlein

Link to comment

I suppose someone could publish all the love letters I've written to my wife...  Not that it would be embarrassing. Everyone would see how much I love her is all. Then their wives would be jealous that their men don't write them love letters, and then the men would get mad at me for making them look bad, etc...

 

I guess that could be bad.

No electron left behind.

Link to comment

@Paul R You see, what @Jud is going to do is send a pack of Ninjas to get your phone while you sleep, open it with your fingerprint and/or face without waking you, and then they'll leave quietly with your phone so he can change the information in it, and then after that, he will log in and post Borat quotes all over Audiophile Style under your username...

 

😉

No electron left behind.

Link to comment
22 minutes ago, AudioDoctor said:

@Paul R You see, what @Jud is going to do is send a pack of Ninjas to get your phone while you sleep, open it with your fingerprint and/or face without waking you, and then they'll leave quietly with your phone so he can change the information in it, and then after that, he will log in and post Borat quotes all over Audiophile Style under your username...

 

😉

 

Ah.. another cunning plan! (To take over the world!). 

 

Only problem is Ninjas would never  make it past the cats. They don't take kindly to strangers, especially when they are trying to nap. (Which being cats, is pretty much all the time... :) )
 

Anyone who considers protocol unimportant has never dealt with a cat DAC.

Robert A. Heinlein

Link to comment
3 hours ago, AudioDoctor said:

I suppose someone could publish all the love letters I've written to my wife...  Not that it would be embarrassing. Everyone would see how much I love her is all. Then their wives would be jealous that their men don't write them love letters, and then the men would get mad at me for making them look bad, etc...

 

I guess that could be bad.

 

Medical records, with the wealth of personal and financial information they contain, are worth more to people willing to pay for that sort of thing than many other types of personal information. Any chance someone could use info on your phone to access systems at the practice(s) or hospital(s) where you work?

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment
10 hours ago, Jud said:

 

Medical records, with the wealth of personal and financial information they contain, are worth more to people willing to pay for that sort of thing than many other types of personal information. Any chance someone could use info on your phone to access systems at the practice(s) or hospital(s) where you work?

 

Three things.

 

1) I am not practicing right now

 

and

 

2) Are they going to steal my fingers too?  Maybe a hand? Or torture me until I give them the passcode to my phone and computer? Heck, I even have a firmware password and encrypted drives.

 

3) Who on earth is going to come after me, and go through all the effort, to get at the files I have here and have access to?

No electron left behind.

Link to comment
15 hours ago, AudioDoctor said:

 

Jud, you seem a bit paranoid about all this?  Are you hiding state secrets on your computer or communicating with Julian Assange?

 

Who on earth is going to go through all the trouble to circumvent 2FA to get at my computer only to see how boring I am?

 

Maybe to get access to your email? Pretty much anyone will send a reset password link to your email. Your broker, your bank, your?

Link to comment
4 minutes ago, daverich4 said:

Maybe to get access to your email? Pretty much anyone will send a reset password link to your email. Your broker, your bank, your?

My bank does not send a simple password reset link. You have to phone them and provide a bunch of information to prove you are who you say, or visit a branch in person.

Link to comment
2 hours ago, AudioDoctor said:

 

Three things.

 

1) I am not practicing right now

 

and

 

2) Are they going to steal my fingers too?  Maybe a hand? Or torture me until I give them the passcode to my phone and computer? Heck, I even have a firmware password and encrypted drives.

 

3) Who on earth is going to come after me, and go through all the effort, to get at the files I have here and have access to?

 

As mentioned before, the idea with biometrics isn't to steal body parts, it's the far easier task of hacking records attached to the biometrics so that someone else's face or fingerprints are now the key to your documents.

 

I attend a law conference every year in DC on various aspects of HIPAA - privacy, security, standardized healthcare transactions.  Besides amusing stuff like reports about proof of concept of remote hacking of medical equipment (pacemakers and insulin pumps are favorite targets - it's entirely possible these days to remotely send someone into arrhythmia or insulin shock), there are reports about security breaches and attempts.  A couple of meetings ago, a small hospital in upstate NY reported on records of hacking attempts.  There were thousands per day from the PRC alone.  Very few people in the health field who are associated with a group practice or hospital, even a small rural/suburban one, are too obscure for hacking attempts anymore.  It's nothing personal, it's just a bunch of automated stuff crawling the web, devices, etc., looking for vulnerabilities.

One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature.

Link to comment
1 hour ago, Jud said:

There were thousands per day from the PRC alone.  Very few people in the health field who are associated with a group practice or hospital, even a small rural/suburban one, are too obscure for hacking attempts anymore.  It's nothing personal, it's just a bunch of automated stuff crawling the web, devices, etc., looking for vulnerabilities.

 

And vulnerabilities are often exploited not by bots hammering your firewall, but by phish emails that compromise your network from the inside, then leverage known exploits.  Bots not only attempt to beat down your firewall, they also are spamming you 24/7/365.

Link to comment
