Topic: Identity Theft (Read 17478 times)

Jim Godward · « **Reply #60 on:** December 23, 2007, 10:44:24 PM »

Any of these programs will do a good job and stop all but the most serious and sophisticated searcher. The only way to be absolutely sure is to destroy the disk. That is what we had to do with disks that had classified data on them.

The Limey · « **Reply #61 on:** June 14, 2008, 09:48:27 PM »

Its a big problem here in the UK we even have people going through our bins looking for bank details so everything has to be shredder

Local tax office sent a data disc by local post... it had the details of over 5,000 peoples bank accounts numbers , sort codes and address its never ever been found.

Paul

John From Detroit · « **Reply #62 on:** August 19, 2008, 01:35:00 PM »

In the Membership park I was just at (came back home today in fact) there is a "public" Wi-Fi node for members use, it's calle 1000Trails (Same as the park)

Of course it only works when you are in or near the member lounge/rec room/event room area, (only one Linksys router in the park manager's office in case anyone wants to know)

Strange thing was when I was on my camp site, quite a distance away, I had an "Excellent" signal on a router also called 1000trails, but it was computer-computer not computer-Internet (My software flagged it as different)

I fired up net-stumbler and found the mac address of the 2nd router.. DIFFERENT from the park's router

Reported to management.

macmac · « **Reply #63 on:** September 10, 2008, 04:22:23 AM »

It's recommended that PINs are memorised which is fine except that I have several which I need to use at various levels of frequency. I have several other id numbers for bank accounts which I also have to memorise. It's hard if not impossible to remember all of them reliably.

So, here's a question for you guys knowledgeable about such issues. I use a 10x10 matrix. 10 columns, 10 rows in which I embed my PINs. The remainder of the matrix is filled with random numbers.

I use a master PIN - which IS in my head - to unlock all the other PINs

How secure/insecure is that?

Keith

Ned · « **Reply #64 on:** September 10, 2008, 07:08:02 AM »

What are you securing from? If you forget the master PIN then you've lost all your PINs. You have to write the matrix down, so that's only as secure as your master PIN. In other words, not any more secure, and actually less secure, than just remembering one PIN for all purposes with nothing written down.

RV Roamer · « **Reply #65 on:** September 10, 2008, 09:27:25 AM »

We use an inexpensive program called Password Agent to record IDs, passwords, PINs and related account information. I also store my software license information (Key Codes) in that file. It encrypts the data and has a Master Password, so you still have to remember something. It's a simple program to use.

macmac · « **Reply #66 on:** September 10, 2008, 10:35:36 AM »

Quote from: Ned on September 10, 2008, 07:08:02 AM

What are you securing from? If you forget the master PIN then you've lost all your PINs. You have to write the matrix down, so that's only as secure as your master PIN. In other words, not any more secure, and actually less secure, than just remembering one PIN for all purposes with nothing written down.

I partly agree - I suppose I could have just a single PIN for every account I use and never write it down. But access to all accounts could be had if that PIN were ever discovered (without needing the matrix)

I'm unlikely to forget my MASTER PIN because it's in frequent use to decode all the others. And that PIN needs the matrix - useless on its own.

So is that less insecure do you think? I'm serious - I hope my logic isn't faulty.

Ned · « **Reply #67 on:** September 10, 2008, 10:42:35 AM »

It's insecure in that you have to write down the matrix, and if the master PIN is compromised, then all the other PINs are as well. The purpose of the PIN in the two factor authentication system is that it's never written down, thus can't be compromised. Since a PIN is only 4 digits, it would not be difficult to attack the matrix and once one PIN was validated, all the others would be too. It's the written record that makes your scheme insecure.

macmac · « **Reply #68 on:** September 10, 2008, 10:51:58 AM »

Quote from: Ned on September 10, 2008, 10:42:35 AM

It's insecure in that you have to write down the matrix, and if the master PIN is compromised, then all the other PINs are as well. The purpose of the PIN in the two factor authentication system is that it's never written down, thus can't be compromised. Since a PIN is only 4 digits, it would not be difficult to attack the matrix and once one PIN was validated, all the others would be too. It's the written record that makes your scheme insecure.

good points. I'll have to re-think this....

papahog · « **Reply #69 on:** September 10, 2008, 07:10:03 PM »

I would guess I am not nearly as worried about this as I should be. I use one pin for most everything with a change for different accounts. Easy to remember. However I have a bunch to remember. Passwords, pin numbers, account numbers etc etc. So it is all wrote down on a pad in my safe for when I cannot remember.

Lariat Trucker · « **Reply #70 on:** October 06, 2008, 05:57:13 AM »

We had an unusual thing happen this past weekend. The Private Campground we stayed at had Wireless so I decided to link up and check e-mail.

For some unknown reason my laptop would not allow me to use Internet Explorer even though I was connected to the Wireless. I went in and looked at my security software and found that it had blocked the connection due to some security problem. My neighbor at the Campground was from Michigan and said it has become quite a problem at campgrounds close to interstates. Hackers go into the wireless systems and watch the activity of the users! Not just Campgrounds but Hotels and Truck Stops are being hacked into. I found several references to this problem on the internet. It has changed my use habits on open wireless systems.

papahog · « **Reply #71 on:** October 06, 2008, 11:09:39 AM »

Wireless Card for my laptop. Always on where cell service is possible, secure and its mine. $60 a month is cheap for the peace of mind I get.

macmac · « **Reply #72 on:** October 06, 2008, 11:48:54 AM »

Quote from: macmac on September 10, 2008, 10:51:58 AM

good points. I'll have to re-think this....

I have thought further about this but can't see how I can devise a simple system, which is any more secure and which I can keep at hand to deal with the many PINs I use. (without needing a computer etc)

I need something which allows me to look up any of several PINs which I use for day to day financial activity. I use them on a regular basis, those most often used I can remember more readily. But my memory is simply not up to remembering all of them.

If I write them down, and the list is compromised, the security of all the cards is compromised.

If I have them recorded as at present, a master PIN is needed to be able to read them. I agree that if the Master PIN is found out all the rest become available, but it's one step less insecure than the above.

What do others do in a similar situation?

Tom · « **Reply #73 on:** October 06, 2008, 12:03:28 PM »

Keith,

Taking a cue from forum member Terry Brewer, I put all my passwords and PINs on a thumb drive (aka jump drive). They're encrypted and are accessed by software on my PC which requires a master password that is only in my head. If I lose the laptop, the passwords aren't on it. If I lose the thumb drive, the software isn't on it to access the passwords. If lose both together, the master password doesn't reside on either. IIRC Terry has his thumb drive on a chain around his neck.

If I need to access a secure site and can't recall the respective password, I pop the thumb drive into a USB port, fire up the application, and enter the master password. I can then either read the PW or copy it to the clipboard and paste into the login form. I define how long the password stays on the clipboard.

macmac · « **Reply #74 on:** October 06, 2008, 12:39:40 PM »

Quote from: Tom on October 06, 2008, 12:03:28 PM

Keith,

Taking a cue from forum member Terry Brewer, I put all my passwords and PINs on a thumb drive (aka jump drive). They're encrypted and are accessed by software on my PC which requires a master password that is only in my head. If I lose the laptop, the passwords aren't on it. If I lose the thumb drive, the software isn't on it to access the passwords. If lose both together, the master password doesn't reside on either. IIRC Terry has his thumb drive on a chain around his neck.

If I need to access a secure site and can't recall the respective password, I pop the thumb drive into a USB port, fire up the application, and enter the master password. I can then either read the PW or copy it to the clipboard and paste into the login form. I define how long the password stays on the clipboard.

Hi Tom

Yes that's a good idea for online use but no good if you're trying to use your card at a merchant's for example or if you're away from your computer.

For the life of me I can't see how I can do anything other than to have a written record as I presently have.

Keith

papahog · « **Reply #75 on:** October 06, 2008, 12:58:23 PM »

One nice thing about being broke. I can not get hurt very bad if the worse happens.

$:-\$

Tom · « **Reply #76 on:** October 06, 2008, 01:52:44 PM »

Good point Keith. Might have to limit yourself to internet shopping.

Used to be I could memorize a phone book, but that ability started slipping some time ago. Now I have a hard time remembering my neighbor's house number, and have no clue what the registration numbers of our cars are. OTOH I can still recall useless things like my NHS number and my BSC employee and clock numbers, which I haven't used in 30 and 40 years respectively. Maybe I should use them as PIN numbers.

Tim Lassen · « **Reply #77 on:** February 08, 2009, 07:21:59 PM »

Anything I do online or in person usually doesn't require that I provide a pin number unless I am transferring funds from one bank to another which is usually online. I rarely use a bank card. If I remember correctly bank cards are same as cash, so not necessarily protected by the card company. I keep pin numbers and all other passwords, etc. on a thumb drive which I keep in a small fireproof safe that sets near my desk or when traveling in a smaller fireproof safe. The info is on a spreadsheet with a password that some may be able to get around but Marsha can't so I am safe..tim

macmac · « **Reply #78 on:** February 08, 2009, 09:07:21 PM »

Quote from: Tim Lassen on February 08, 2009, 07:21:59 PM

Anything I do online or in person usually doesn't require that I provide a pin number unless I am transferring funds from one bank to another which is usually online. I rarely use a bank card. If I remember correctly bank cards are same as cash, so not necessarily protected by the card company. I keep pin numbers and all other passwords, etc. on a thumb drive which I keep in a small fireproof safe that sets near my desk or when traveling in a smaller fireproof safe. The info is on a spreadsheet with a password that some may be able to get around but Marsha can't so I am safe..tim

Be thankful that Chip and PIN, as used in our homeland UK, isn't in use in North America extensively. But your time may well be coming

We had to use a PIN when making transactions in Canada 2007 - they already have card readers in use - at least in the places we visited...

At home we routinely use PINs for all on-the-spot transactions, debit and credit alike - we don't use a signature any longer. The next procedure will be having to use home mini-card readers online. Ours is due to be delivered to our home late March so that will be one more thing we have to learn to use when accessing our bank accounts or buying goods. How that will work when we're trying to access our UK accounts from the USA we just don't know.

Watch this space.

Tim Lassen · « **Reply #79 on:** February 09, 2009, 01:24:10 AM »

Full body and eye scans are probably next..tim

Jeanne M · « **Reply #80 on:** April 24, 2009, 12:03:30 PM »

There is one thing I haven't seen mentioned here and it doesn't even involve a computer. A few years back we had our house tented for termites. Having never been tented before, we didn't know they had to leave windows open. Consequently, while we were gone overnight, someone robbed our house. (We believe it was an inside job). We found out from the police that this was a regular practice and these thieves know what equipment they need to be able to stay inside with all that poison, while taking their time ransacking homes. The thieves actually broke into our locked file cabinet and stole our credit card statement files and began charging away. They only got $75 before Discover shut the card down. However, this is where we learned from our police force to NEVER discard anything with your name and address on it. Since then we never have. We rip our names off of even the most insignificant piece of junk mail and shred our name. Apparently all they need is a valid name and address to begin ruining your life.

One more thing, sometimes it's who you'd least suspect to rip you off...I caught a city worker driving a city truck plundering our mailbox. When he saw me he quickly walked back to his truck and took off like a bat outta...you know where....and by the time I realized what was up, he was gone and I didn't get his license number. Now we have a locking mailbox.

It doesn't always have a computer involved...

Ned · « **Reply #81 on:** April 24, 2009, 12:21:20 PM »

If it were as simple as just having a name and address, there would be no phone books. A thief doesn't need to steal a piece of paper with your name and address, he can do a search on Google on either your name or address and find out all he needs to know about you.

Jeanne M · « **Reply #82 on:** April 24, 2009, 12:26:47 PM »

You're right...but I'm not making it easier for them by providing it to them in my own trash...and to do a search online for my 'exact' name they have to 'know' it. Sure they can do a batch search...but no matter what, I am NOT handing it to them in a garbage bag!

News:

Author Topic: Identity Theft (Read 17478 times)