
Re: Re (2): Multiplicity of accounts.



On Thu, Oct 3, 2013 at 1:53 AM, Jerry Stuckle <jstuckle@attglobal.net> wrote:
> On 10/2/2013 12:24 PM, peasthope@shaw.ca wrote:
>>
>> From:   Joel Rees <joel.rees@gmail.com>
>> Date:   Wed, 2 Oct 2013 15:30:26 +0900
>>>
>>> [...]
>
>>> And accessing your bank logged in as the same user that you use to
>>> surf random sites is one of the primary causes of leaked bank account
>>> numbers and passwords.
>>
>>
>> The banking information is stored in a cookie.  Subsequently a site other
>> than the bank is allowed to read the cookie?  A failure of the browser.
>> Correct?  Prior to studying this thoroughly, I might stick to personal
>> banking.
>>
>
> Not if your browser is working properly.  Cookies can only be sent to the
> domain which originated them (and, depending on the cookie options,
> subdomains of the main domain).

subdomains.

And too many places, bank sites included, outsource parts of their
sites. Particularly ad-related stuff.

I play it safe and limit logging in to my bank to a user that does
nothing but log in to that bank. Hey, it's my computer, I can add
users all I like.

And I try to avoid logging in to the bank, but the bank sometimes
requires me to log in to do certain things, now.

> But too many people use the same userid/password for multiple sites, and a
> security problem on one site can expose those userids/passwords.  This makes
> it easy for a hacker to access one's banking account.
>
> I use online banking all the time.  But I have a unique userid/password
> combination on each of my accounts.  These are long, non-obvious, known only
> to me and not stored on any computer.

That's important, too. Which means that the problem here is getting
used to managing more than a few userids and passwords, and most people
are intimidated by what it takes to get that experience.

--
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.
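
Added example, not part of the original message: the cookie scoping rule discussed above (RFC 6265 domain matching), showing that a cookie set with a Domain attribute is also sent to a subdomain that may be outsourced, while a host-only cookie is not. The hostnames and the session value are constructed, and the public-suffix check that real browsers also apply is left out.

```javascript
// Cookie scoping per RFC 6265: a cookie set WITHOUT a Domain attribute is
// "host-only"; one set WITH Domain=<d> is also sent to every subdomain of <d>.
// All hostnames and values below are constructed for illustration.

// RFC 6265 section 5.1.3 domain-match (IP-address hosts never suffix-match).
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === dom) return true;
  const isIp = /^[0-9.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + dom);
}

// Model what a browser stores when originHost answers with this Set-Cookie
// value. Only name, value and Domain are modelled; returns null if rejected.
function storeCookie(originHost, setCookie) {
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const domAttr = attrs.find((a) => /^domain=/i.test(a));
  const domain = domAttr ? domAttr.slice("domain=".length) : null;
  // A server may only name its own host or a parent domain of it.
  if (domain && !domainMatches(originHost, domain)) return null;
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: (domain || originHost).toLowerCase().replace(/^\./, ""),
    hostOnly: !domain,
  };
}

// Would the browser attach this cookie to a request for requestHost?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatches(requestHost, cookie.domain);
}

const wide = storeCookie("www.bank.example", "session=abc123; Domain=bank.example");
const hostOnly = storeCookie("www.bank.example", "session=abc123");
const foreign = storeCookie("www.bank.example", "session=abc123; Domain=other.example");

// ads.bank.example stands for a subdomain delegated to an outside provider.
for (const h of ["www.bank.example", "ads.bank.example", "notbank.example"]) {
  console.log(h, "Domain cookie:", isSentTo(wide, h), "host-only:", isSentTo(hostOnly, h));
}
```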

