<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	>
<channel>
	<title>Comments on: Keeping your passwords in one place</title>
	<atom:link href="http://www.intelliot.com/blog/archives/2007/08/31/keeping-your-passwords-in-one-place/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.intelliot.com/blog/archives/2007/08/31/keeping-your-passwords-in-one-place/</link>
	<description>Thoughts, opinions and fascinating discoveries by Elliot, a student at USC</description>
	<pubDate>Sun, 06 Jul 2008 00:39:00 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.5.1</generator>
		<item>
		<title>By: Trevor Johns</title>
		<link>http://www.intelliot.com/blog/archives/2007/08/31/keeping-your-passwords-in-one-place/#comment-314488</link>
		<dc:creator>Trevor Johns</dc:creator>
		<pubDate>Wed, 19 Sep 2007 07:51:42 +0000</pubDate>
		<guid isPermaLink="false">http://www.intelliot.com/blog/archives/2007/08/31/keeping-your-passwords-in-one-place/#comment-314488</guid>
		<description>First off, there's more at stake from having credentials stolen than just fraudulent purchases. A malicious user could publish libelous material in your name, access confidential documents, or use your source control privileges to introduce a backdoor into a software project. The damage from any of these things would be immeasurable, and all the federal regulations in the world won't help.

That being said, just about everybody online already "keeps all of their eggs in one basket", they just don't realize it. Because most services online allow users to retrieve or reset their password via email, once somebody's email account has been compromised, every other account online that is linked to that address should also be considered compromised.

To give credit where it's due, this was pointed out to me in a tech talk by Simon Wilson, who was using a similar argument to illustrate why OpenID isn't any more dangerous than current sign-on systems. If you're curious, here's the video:

http://video.google.com/videoplay?docid=2288395847791059857</description>
		<content:encoded><![CDATA[<p>First off, there&#8217;s more at stake from having credentials stolen than just fraudulent purchases. A malicious user could publish libelous material in your name, access confidential documents, or use your source control privileges to introduce a backdoor into a software project. The damage from any of these things would be immeasurable, and all the federal regulations in the world won&#8217;t help.</p>
<p>That being said, just about everybody online already &#8220;keeps all of their eggs in one basket&#8221;, they just don&#8217;t realize it. Because most services online allow users to retrieve or reset their password via email, once somebody&#8217;s email account has been compromised, every other account online that is linked to that address should also be considered compromised.</p>
<p>To give credit where it&#8217;s due, this was pointed out to me in a tech talk by Simon Wilson, who was using a similar argument to illustrate why OpenID isn&#8217;t any more dangerous than current sign-on systems. If you&#8217;re curious, here&#8217;s the video:</p>
<p><a href="http://video.google.com/videoplay?docid=2288395847791059857" rel="nofollow">http://video.google.com/videoplay?docid=2288395847791059857</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: AntonEgo</title>
		<link>http://www.intelliot.com/blog/archives/2007/08/31/keeping-your-passwords-in-one-place/#comment-307572</link>
		<dc:creator>AntonEgo</dc:creator>
		<pubDate>Tue, 04 Sep 2007 16:15:32 +0000</pubDate>
		<guid isPermaLink="false">http://www.intelliot.com/blog/archives/2007/08/31/keeping-your-passwords-in-one-place/#comment-307572</guid>
		<description>Your thinking is out of the box but basically sound. Reg E is a set of rules issued by the Federal Reserve governing electronic transactions that include online banking, ATM withdrawals and debit card payments. The bottom line is that consumers who act quickly are protected and will only be liable up to $50. Consumers must notify their bank of the fraud within 2 business days. Wait 3 days and the liability goes up to $500. And if a consumer waits more than 60 days the liability is unlimited -- but only for transactions after the 60 days has expired. Reg E rules are designed to encourage consumers to feel safe about electronic transactions. Even if a consumer has acted negligently and succumbed to a phishing attack and given away personal identification information that led to the fraud they will be protected.

So yeah -- use a service like Yodlee to stay on top of all your accounts, anytime, anywhere. Apart from the benefits of knowing where you spend your money each month, you'll know instantly if someone else is adding to your bills! And good luck to anyone trying to hack into Yodlee - check out their security section on their site.

As for the best Yodlee version to use - 2 words: Mint.com

Cheers.</description>
		<content:encoded><![CDATA[<p>Your thinking is out of the box but basically sound. Reg E is a set of rules issued by the Federal Reserve governing electronic transactions that include online banking, ATM withdrawals and debit card payments. The bottom line is that consumers who act quickly are protected and will only be liable up to $50. Consumers must notify their bank of the fraud within 2 business days. Wait 3 days and the liability goes up to $500. And if a consumer waits more than 60 days the liability is unlimited &#8212; but only for transactions after the 60 days has expired. Reg E rules are designed to encourage consumers to feel safe about electronic transactions. Even if a consumer has acted negligently and succumbed to a phishing attack and given away personal identification information that led to the fraud they will be protected.</p>
<p>So yeah &#8212; use a service like Yodlee to stay on top of all your accounts, anytime, anywhere. Apart from the benefits of knowing where you spend your money each month, you&#8217;ll know instantly if someone else is adding to your bills! And good luck to anyone trying to hack into Yodlee - check out their security section on their site.</p>
<p>As for the best Yodlee version to use - 2 words: Mint.com</p>
<p>Cheers.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Sam</title>
		<link>http://www.intelliot.com/blog/archives/2007/08/31/keeping-your-passwords-in-one-place/#comment-306754</link>
		<dc:creator>Sam</dc:creator>
		<pubDate>Mon, 03 Sep 2007 03:59:43 +0000</pubDate>
		<guid isPermaLink="false">http://www.intelliot.com/blog/archives/2007/08/31/keeping-your-passwords-in-one-place/#comment-306754</guid>
		<description>Any suggestions on the best Yodlee version to use? I'm finding it difficult to register or even to know if I can register at all at the various websites that offer the service. I managed to register on Comerica, but the interface is plain and boring. The others are a mystery as to whether or not they are free or if I can register online.</description>
		<content:encoded><![CDATA[<p>Any suggestions on the best Yodlee version to use? I&#8217;m finding it difficult to register or even to know if I can register at all at the various websites that offer the service. I managed to register on Comerica, but the interface is plain and boring. The others are a mystery as to whether or not they are free or if I can register online.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
