2014: The Year of the MEGA Data Breach

[Blossom]

This is exactly what I worry about. Banks aren't taking security serious when they should the one who is most secure seeing how much money is handle through them.

[FizzyWater]

Okay, if I sign into my Chase account for the first time on any computer, it asks for second authentification (other than my main login ID and password). Unless I choose to let it remember me on that computer, it asks for it every time.

I just killed the cookies on my laptop and logged into the site. I got the attached screen.

If this isn't 2-step authentification, what is?

[eschwartz]

Quote:

Originally Posted by FizzyWater

Okay, if I sign into my Chase account for the first time on any computer, it asks for second authentification (other than my main login ID and password). Unless I choose to let it remember me on that computer, it asks for it every time.

I just killed the cookies on my laptop and logged into the site. I got the attached screen.

If this isn't 2-step authentification, what is?

Email addresses are something you know, not something you have. Epic fail.

http://en.wikipedia.org/wiki/Multi-f...authentication

2-step != 2-factor

http://en.wikipedia.org/wiki/Two-step_verification


General rant.
Two-step authentication using a single factor means that the person developing the security protocol has missed the whole point altogether.

Google, for example, uses a proper two-factor authentication. You need something you know (username+password) AND something you have (phone).

[FizzyWater]

Quote:

Originally Posted by eschwartz

Email addresses are something you know, not something you have. Epic fail.

http://en.wikipedia.org/wiki/Multi-f...authentication

2-step != 2-factor

http://en.wikipedia.org/wiki/Two-step_verification


General rant.
Two-step authentication using a single factor means that the person developing the security protocol has missed the whole point altogether.

Google, for example, uses a proper two-factor authentication. You need something you know (username+password) AND something you have (phone).

Um, that's the same thing I do for the Chase login. I do have the option to have it sent to email, if that's my choice, but the choices also include having it go to my cell phone (or home, or work). I can tell it to remember my computer (when I'm at home, for example) or not (when I'm at work, although officially no one else can get on my work computer, I'd still rather not have that cookie saved there).

[eschwartz]

Quote:

Originally Posted by FizzyWater

Um, that's the same thing I do for the Chase login. I do have the option to have it sent to email, if that's my choice, but the choices also include having it go to my cell phone (or home, or work). I can tell it to remember my computer (when I'm at home, for example) or not (when I'm at work, although officially no one else can get on my work computer, I'd still rather not have that cookie saved there).

It is absolutely not the same thing in the slightest.

Google two-factor authentication is real. You must have two factors. Without a second factor you cannot get in.

Chase two-step authentication offers two factors, but they will ALSO let you in with two of the same factor.

can != must
option != need

[FizzyWater]

Quote:

Originally Posted by eschwartz

It is absolutely not the same thing in the slightest.

Google two-factor authentication is real. You must have two factors. Without a second factor you cannot get in.

Chase two-step authentication offers two factors, but they will ALSO let you in with two of the same factor.

can != must
option != need

Look, I'm not trying to get into a fight with you. I use Google. It has the same option as Chase - I don't have to do the 2-step everytime, just when I'm on a new computer.

It may be that neither is as secure as they could be. And I'm fully willing to admit I obviously misunderstood the definition of "2-step authentification" (since even Chase's customer service dept says they don't have it). But I only have a couple of accounts that have the OPTION of 2-step login of some type so far - Chase and Google. (Maybe Yahoo - but if so, I don't think I have that one turned on).

ETA: I just remembered - I turned on 2-step for Dropbox website login as well. I forgot about that one, because the syncing on my computer happens without it, and I seldom login to the website.

[Blossom]

Sites that offer 2 steps that I know are

Gmail, Outlook, Origin, Dropbox, OneDrive, PayPal. This can be a nice way to step up security but it can also be a pain to use sometimes.

[Ripplinger]

After reading this thread, I've been tempted to request a new card from my bank since I purchase a lot at Home Depot and rarely carry cash on me. I was a bit surprised my bank didn't automatically do it like they did after Sony was hacked in 2011. But I was dreading having to update all my autopay utilities and online stores.

And then today my bank made the decision for me by mail saying they're issuing new cards. At least this time they're giving advance notice so I don't get a declined at a cash register and they're leaving current cards active for another 2 weeks. I freaked out the last time since they didn't even send out a notice, just cut off cards without any warning and I thought my banking info had been stolen and accounts cleaned out.

[Blossom]

Quote:

Originally Posted by Ripplinger

After reading this thread, I've been tempted to request a new card from my bank since I purchase a lot at Home Depot and rarely carry cash on me. I was a bit surprised my bank didn't automatically do it like they did after Sony was hacked in 2011. But I was dreading having to update all my autopay utilities and online stores.

And then today my bank made the decision for me by mail saying they're issuing new cards. At least this time they're giving advance notice so I don't get a declined at a cash register and they're leaving current cards active for another 2 weeks. I freaked out the last time since they didn't even send out a notice, just cut off cards without any warning and I thought my banking info had been stolen and accounts cleaned out.

That happen to millions last Christmas with Target but our bank isn't doing this time even though we shopped at Kmart and Home Depot several times. They sent email telling us to monitor everything and report anything unusual.

[Froide]

Quote:

Originally Posted by Blossom

Seriously you just assumed all of this about me? How do you know what I keep on my account? Dropbox is where I put my Calibre Library. I change my password because I don't want to lose access to my account I work so hard at getting free space to. It took over a year to get that 19GB and I'm at 80% that would mess up my backup system. As a wife who was married a USAF guy the NSA is the last person I am worried about seeing my Romance books I read. They can read my email too if they want nothing there but lots of spam and newsletters. I do Swagbucks everyday where I give all my basic info out for pennies. You think I care if people see it? No. I have nothing of value. I wouldn't want them showing up at my door now like Kathleen Hale did to that reviewer that would be scary but as long as my Financial info stays safe that's all that matters.

I wouldn't want them showing up at my door now like Kathleen Hale did to that reviewer
Now, that would be scary.

[Blossom]

Quote:

Originally Posted by Froide

I wouldn't want them showing up at my door now like Kathleen Hale did to that reviewer
Now, that would be scary.

My jaw still drops just reading that article. Talk about crazy people. She is queen.

[WT Sharpe]

It was reported yesterday that Staples may be the latest addition to the list of those who have experienced a security breech involving malware installed on cash registers. Both Staples and bank officials are currently investigating.

[Froide]

Quote:

Originally Posted by WT Sharpe

It was reported yesterday that Staples may be the latest addition to the list of those who have experienced a security breech involving malware installed on cash registers. Both Staples and bank officials are currently investigating.

You beat me to it. Yep, I heard this yesterday, on the news. After thinking, "Yikes!" and, "Good thing I postponed my trip to Staples," I immediately began weighing the PITA factor of purchasing gift cards in various denominations from the bank, so I could use them in lieu of my credit card when making purchases. Each purchase would then be a clean, un-"hit"table one for hackers, since immediately afterward I could ditch the card; take the package.

[Blossom]

Quote:

Dear Valued Customer,

The Home Depot has discovered that a file containing your email address may have been taken during the payment card breach we announced in September. The file contained email addresses, but it did not contain passwords, payment card information, or other sensitive personal information. We apologize for this incident and for the inconvenience and frustration this may cause you.

In all likelihood this event will not impact you, but we recommend that you be on the alert for phony emails requesting personal or sensitive information. If you have any questions or would like additional information on how to protect yourself from email scams, please visit our website or call 1-800-HOMEDEPOT.

Again, we apologize for the frustration and inconvenience this incident may have caused. Thank you for your continued support.

Sincerely,

The Home Depot

I was only signed up for special deals emails. Something to think about. Can we say here comes the spam. *sigh*

[WT Sharpe]

I got the same email.