[Hidden-tech] Safari question

[Joe Edelman]

Hi Chris,

Surely you're aware the myriad of settings in 'Keychain Access' and the
Security Control Panel that make password remembering on macs more
secure.

For instance, I have my "login" keychain (with all my web passwords) set
to lock whenever I put the machine to sleep, or after 5 minutes of
inactivity.  I know that my passwords are stored encrypted by my
passphrase, which needs to be entered to unlock it.  It is unlikely that
someone could steal my laptop without it having been put to sleep (by
closing the lid) or having five minutes of inactivity.

The most important advantage is that my web passwords are all different,
and I don't have to use the mental space (or a text file) to remember
them.  This, I believe, is more secure than what most people do, reusing
passwords across sites, and giving their password thusly to every
sysadmin and every dba at each of those sites.  Are your passwords all
different?  How do you remember them without help?

--Joe

--
J.E. -- http://nxhx.org -- 413.250.8007

>   ** The author of this post was a Good Dobee.
>   ** You too can help the group
>   ** Fill out the survey/skills inventory in the member's area.
>   ** If you did, we all thank you.
>
>
> Color me paranoid, but one of my responsibilities is systems, network & 
> internet security. I do use my home computer for online banking, bill 
> paying, credit card management, online purchasing, etc. However, there are a 
> couple of ground rules that I always follow.
>
> (1) I never, ever let my browser save personal information, usernames or 
> passwords. I always type them in myself. If your machine is every 
> compromised, or stolen, or just left alone so that someone can access it 
> (say they broke into your house), it is just too easy to look at the 
> bookmarks, see a bank or credit card link, go to it, and (oh joy, the magic) 
> it remembers your login and password, and suddenly someone else is in your 
> account shuffling stuff around.
>
> (2) I never, ever put any paper that has such private information in the 
> trash without passing it through a good shredder. Identity theft has become 
> all too common.
>
> (3) I never, ever click on a link from an email to do anything that involves 
> personal data or that I expect to be secure. I always go to my bank, credit 
> card, etc. from my own bookmark links or by typing in the URL directly. 
> Spammers are very very good at making emails that look like the real thing, 
> that have forged from addresses that look good, but that one critical link 
> you have to click on to do whatever it is they want you to do has a hidden 
> IP address underneath and goes to a fake website. That fake web site siphons 
> off your personal information, account login, etc. and/or downloads a trojan 
> to your computer.
>
> (4) I never, ever do anything online involving money that I expect to be 
> secure on a Windows PC. There are just far too many compromises, viruses, 
> trojans, keyloggers, etc. out there that hit PC's. I'm sure there are those 
> who will be up in arms to defend PC's, but I don't really care. If you want 
> to know why you get so much spam in your email (it now constitutes the 
> majority of the mail on the internet), it's in significant part because 
> there are huge armies of botnet PCs controlled by spammers, and the owners 
> of those PCs have no clue they are owned. Even on a private network here at 
> work, where PCs are not addressable or scannable from the internet, we 
> periodically have to clean up compromised PCs.
>
> (5) My home computer is the latest Mac OS X, with the latest updates and 
> patches, with all the security settings intact; but, nevertheless, it is on 
> a private network behind a firewall and cannot be directly addressed from 
> the internet.
>
> (6) If I had a laptop, I would never do any kind of online banking or 
> financial transactions that I expected to be secure from any public wireless 
> network. Even if you are using a secure connection, there is just too much 
> hostile activity and probing going on on public wireless networks. If I had 
> a laptop, I might even choose not to ever use that laptop for online banking 
> even when I had returned it to home base and was on a private network behind 
> a firewall. It's sort of like when you're giving blood and they ask all 
> those questions -- have you ever . . . , in the last year have you . . . , 
> etc. It doesn't mean you're infected. It just means there is a significant 
> risk involved.
>
> OK, maybe all that was a bit overboard. But saving usernames and passwords 
> for autofill for online banking just set me off like a blow torch to the 
> fuel tank. Major, major security breach.
>
>
>
> ---------------
>
> Chris Hoogendyk
>
> -
>   O__  ---- Systems Administrator
>  c/ /'_ --- Biology & Geology Departments
> (*) \(*) -- 140 Morrill Science Center
> ~~~~~~~~~~ - University of Massachusetts, Amherst 
> <hoogendyk at bio.umass.edu>
>
> --------------- 
> Erdös 4
>
>
>
>
> Annamarie Pluhar wrote:
>> Hi Jeff, 
>> I'm not sure if this is your answer but I don't have that problem. There is 
>> a setting Safari/Preferences/Autofill  select User names and passwords.  I 
>> think that should let you save it. 
>> Related question: How does one "get" Keychain to save a password if you 
>> changed your mind after you've told it never to save? 
>>
>>
>> Annamarie Pluhar
>>
>> *Pluhar Consulting*
>> Helping organizations live their values
>> /
>> /
>> /http://www.pluharconsulting.com/ <http://www.pluharconsulting.com/>
>> /s//trategic solutions/
>> /f//acilitation /
>> /t//raining/
>> /instructional design/
>>
>> /802.451.1941/
>> /802.579.5975 (cell)/
>>
>>
>> On Feb 13, 2008, at 4:52 PM, Jeff Rutherford wrote:
>>
>>> I have a Safari/Apple question that hopefully someone can answer. I do a 
>>> lot of online banking and checking various credit card balances online, 
>>> and I repeatedly get prompted with "This is a personal computer, please 
>>> remember my info."
>>>
>>> However, no matter how many times, I choose that option, every time I 
>>> revisit a site, I'm prompted yet again as if I've never visited the site 
>>> before. When I used a PC, I never had this issue.
>>>
>>> Is there some Safari or Apple setting that I can change, so that my info 
>>> for these various sites is remembered?
>>>
>>> Jeff
>>>
>>>
>>>
>>> Jeff Rutherford
>>> jeff at jeffrutherford.com <mailto:jeff at jeffrutherford.com>
>>> 413 369-4128 - phone
>>> 866 677-4108 - fax
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members   page 
> on the Hidden Tech Web site.
> http://www.hidden-tech.net/members