Re: Re (2): Multiplicity of accounts.
On Thu, Oct 3, 2013 at 1:53 AM, Jerry Stuckle <jstuckle@attglobal.net> wrote:
> On 10/2/2013 12:24 PM, peasthope@shaw.ca wrote:
>>
>> From: Joel Rees <joel.rees@gmail.com>
>> Date: Wed, 2 Oct 2013 15:30:26 +0900
>>>
>>> [...]
>
>>> And accessing your bank logged in as the same user that you use to
>>> surf random sites is one of the primary causes of leaked bank account
>>> numbers and passwords.
>>
>>
>> The banking information is stored in a cookie. Subsequently a site other
>> than the bank is allowed to read the cookie? A failure of the browser.
>> Correct? Prior to studying this thoroughly, I might stick to personal
>> banking.
>>
>
> Not if your browser is working properly. Cookies can only be sent to the
> domain which originated them (and, depending on the cookie options,
> subdomains of the main domain).
subdomains.
And too many places, bank sites included, outsource parts of their
sites. Particularly ad-related stuff.
I play it safe and limit logging in to my bank to a user that does
nothing but logging into that bank. Hey, it's my computer, I can add
users all I like.
And I try to avoid logging in to the bank, but the bank sometimes
requires me to log in to do certain things, now.
> But too many people use the same userid/password for multiple sites, and a
> security problem on one site can expose those userids/passwords. This makes
> it easy for a hacker to access one's banking account.
>
> I use online banking all the time. But I have a unique userid/password
> combination on each of my accounts. These are long, non-obvious, known only
> to me and not stored on any computer.
That's important, too. Which means that the problem here is getting
used to manage more than a few userids and passwords, and most people
are intimidated by what it takes to get that experience.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
Reply to: