On Mon, 17 Dec 2012 12:17:24 +0100, Kevin Wright
<kev.lee.wri...@gmail.com> wrote:
At this point, you're probably being over-paraniod in the wrong
direction!
So far as I'm aware, you're at higher risk of having your card cloned
from
a cardholder-not-present transaction over the phone, or from day-0
exploit
that logs your keyboard/clipboard, or from a remote website being hacked,
or from a cashpoint that's been exploited.
Each risk breach has got its cost. If my card is cloned (it's difficult
nowadays, since they are all microchipped) I'd get in any case immediate
notification of transactions by means of SMS messaging and I'd block the
card. Usually the card company doesn't have problems in refunding the
transaction. For the most precious asset, my banking accounts, I have
three (since the past years, also to minimize financial risks of banks),
and I distribute money among them. If somebody steals one of the
passwords, it could drain one of my accounts. If all my passwords are at
LastPass and it's breached, the bad guy could access immediately all my
accounts (well, only two of them: the third also requires one-time
passwords generated by a dongle; this makes LastPass useless for this
account).
Can you convince me that it's safer to type in your password each time,
or
to copy/paste than it is to allow a dedicated application to autofill web
forms for you?
Having a keyboard sniffer on my Mac sound pretty much as the same risk of
having LastPass breached. This means that LastPass doesn't add any further
security, still it's one more system to take care of...
So far, the most interesting solution was the one advised by Casper quite
a few time ago (the topic was already debated), since I think he made some
analysis on the code... but I'm not convinced yet even of it.
--
Fabrizio Giudici - Java Architect @ Tidalwave s.a.s.
"We make Java work. Everywhere."
http://tidalwave.it/fabrizio/blog - fabrizio.giud...@tidalwave.it
--
You received this message because you are subscribed to the Google Groups "Java
Posse" group.
To post to this group, send email to javaposse@googlegroups.com.
To unsubscribe from this group, send email to
javaposse+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/javaposse?hl=en.