Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to johnstevens77,Bhoddhisatva,scotia,Anonymous,Cornytiv34, for Donating to support the site

Fed up with ever increasing logon procedures!

A friendly ear
martinc
Lemon Pip
Posts: 62
Joined: June 30th, 2017, 1:27 pm
Has thanked: 23 times
Been thanked: 33 times

Re: Fed up with ever increasing logon procedures!

#360774

Postby martinc » November 28th, 2020, 12:30 am

I keep my Keepass database (kdbx file) in the cloud (OneDrive), so I can use the same database for phone, tablet and PC. As well as passwords etc. I keep scans of my passport, driving licence etc. This all relies on Keepass having unbreakable encryption of course.

mc2fool
Lemon Half
Posts: 7812
Joined: November 4th, 2016, 11:24 am
Has thanked: 7 times
Been thanked: 3017 times

Re: Fed up with ever increasing logon procedures!

#360871

Postby mc2fool » November 28th, 2020, 1:35 pm

Just to add a couple of things to vrdiver's reply....
vrdiver wrote:
Howard wrote:Can I check? Does keepass fill in all the information for you? Or does it just store passwords etc?
Yes and yes. At the basic level you can use it to store userID, password, memorable date, pets name etc and then just copy and paste as required, but you can also use "autotype" and let it fill out the information required by pressing e.g. CTRL-ALT-A

And there are also Firefox and Chrome (and, I believe, Edge) add-ons that integrate Keepass with the browser so it can be used from it and fill in fields directly.

Howard wrote:Logging in to a large bank share trading site is a pain. My computer remembers my name and customer number after that it has to be paperwork for the five digit code and random selection of three digits from favourite eight letter word. I can't see how keepass will solve this problem...

Like this: :D

Image
https://keepass.info/help/base/placeholders.html

And not only can it be setup to handle multiple accounts at the same site (be it a bank, or amazon, or whatever) but it can also be so to handle multiple options for the same account. E.g. several of my savings banks have asked me for a "memorable" name, date and place, and on login require me to provide three characters from one of those, randomly. For those cases Keepass pops up a list for me to choose which of name, date or place the site wants me to provide characters from this time round before then going into the picker shown above.

Now, of course the thing that is becoming increasingly common that it can't do, is receive and enter the OTP banks etc now like to send to your mobile and require you to enter as part of the login process. If only .....!

Howard wrote:Would keepass alert users if their data was stolen? From what I know, virtually anything can be unencrypted as we know from data breaches at the Pentagon.

Keepass is not a service, it's a programme that runs on your PC using data kept on your PC. It can't alert you if someone gets access to your PC and copies its data file any more than Word can alert you if someone copies one of your .DOC files.

I don't know which data breaches at the Pentagon you are referring to, ISTR the last breaches there were due to sloppy/default passwords, not anything to do with breaking any encryption, and it's certainly not true that "virtually anything can be unencrypted" --- if you believed that you'd not be doing any online banking!

(Ok, technically it is true that anything can be unencrypted, as a sheer brute force attack will eventually do so ... but with the current level of AES 256 bit encryption used by Keepass -- the same that your browser uses to encrypt communications with your bank -- it'd take today's fastest supercomputers several million years to crack, which I think we can agree, makes it more than good enough ... at least until we get quantum computers, but that's another story... :D)

Howard wrote:If someone stole my paperwork I'd know immediately.

Beh, nobody steals paperwork. They photograph it. Don''t you watch any spy movies..... :lol:

mc2fool
Lemon Half
Posts: 7812
Joined: November 4th, 2016, 11:24 am
Has thanked: 7 times
Been thanked: 3017 times

Re: Fed up with ever increasing logon procedures!

#360873

Postby mc2fool » November 28th, 2020, 1:43 pm

martinc wrote:I keep my Keepass database (kdbx file) in the cloud (OneDrive), so I can use the same database for phone, tablet and PC.

That's fine if it's only ever changed on one device, e.g. the PC, and only used "read-only" on the others, but it runs into problems if you are adding/making changes on more than one device.

For those that need to do that I posted what I do a while back. Start here: viewtopic.php?f=39&t=18765#p241288

stevensfo
Lemon Quarter
Posts: 3436
Joined: November 5th, 2016, 8:43 am
Has thanked: 3806 times
Been thanked: 1398 times

Re: Fed up with ever increasing logon procedures!

#360912

Postby stevensfo » November 28th, 2020, 4:03 pm

martinc wrote:I keep my Keepass database (kdbx file) in the cloud (OneDrive), so I can use the same database for phone, tablet and PC. As well as passwords etc. I keep scans of my passport, driving licence etc. This all relies on Keepass having unbreakable encryption of course.



I will definitely have a look at it. From what I read, it is opensource software, so it may be okay.

We've used opensource Axcrypt for at least 25 years and I saw all the other programs that came and went, offering encryption, but none like Axcrypt and Truecrypt where the code was examined and scrutinised by encryption experts, and checked for no back doors. Axcrypt is still powerful, and so easy to use, but I don't like the way it works with Windows10.

Steve

PS I also have pdfs of passports, driving licences etc but don't bother encrypting them. Why bother?

Lootman
The full Lemon
Posts: 18678
Joined: November 4th, 2016, 3:58 pm
Has thanked: 628 times
Been thanked: 6561 times

Re: Fed up with ever increasing logon procedures!

#360915

Postby Lootman » November 28th, 2020, 4:07 pm

I am with Arb on this, I don't trust these fancy solutions, and in fact the fancier they are, the less I trust them.

So for me it is a piece of paper which travels with me, and a copy locked up in my safe. It is written in a way that I understand it but someone else could not. And it works even if I have an equipment, software or connectivity failure.

Simples.

kiloran
Lemon Quarter
Posts: 4092
Joined: November 4th, 2016, 9:24 am
Has thanked: 3234 times
Been thanked: 2827 times

Re: Fed up with ever increasing logon procedures!

#360917

Postby kiloran » November 28th, 2020, 4:22 pm

Lootman wrote: It is written in a way that I understand it but someone else could not.

I seriously doubt that your manual "encryption" is harder to crack than AES 256-bit

--kiloran

Lootman
The full Lemon
Posts: 18678
Joined: November 4th, 2016, 3:58 pm
Has thanked: 628 times
Been thanked: 6561 times

Re: Fed up with ever increasing logon procedures!

#360919

Postby Lootman » November 28th, 2020, 4:27 pm

kiloran wrote:
Lootman wrote: It is written in a way that I understand it but someone else could not.

I seriously doubt that your manual "encryption" is harder to crack than AES 256-bit

That isn't the point, unless the person who somehow gets sight of my document just so happens to have that level of skill and knowledge, and access to all kinds of other personal information. It is more likely to be the housekeeper in a hotel or some such.

It's all about being 99.9% effective without any of the hassle.

AF62
Lemon Quarter
Posts: 3499
Joined: November 27th, 2016, 8:45 am
Has thanked: 131 times
Been thanked: 1277 times

Re: Fed up with ever increasing logon procedures!

#360940

Postby AF62 » November 28th, 2020, 5:11 pm

ten0rman wrote:So what am I trying to do? Rob the Bank of England? Well not really, merely request yet another months supply of medication!


If you phone has a fingerprint sensor or facial recognition then just use the NHS app - https://www.nhs.uk/using-the-nhs/nhs-se ... e-nhs-app/

No password, no remembering login details, just use your fingerprint or face and you are in and can order or book whatever you want.

Lootman
The full Lemon
Posts: 18678
Joined: November 4th, 2016, 3:58 pm
Has thanked: 628 times
Been thanked: 6561 times

Re: Fed up with ever increasing logon procedures!

#360943

Postby Lootman » November 28th, 2020, 5:18 pm

AF62 wrote:
ten0rman wrote:So what am I trying to do? Rob the Bank of England? Well not really, merely request yet another months supply of medication!

If you phone has a fingerprint sensor or facial recognition then just use the NHS app - https://www.nhs.uk/using-the-nhs/nhs-se ... e-nhs-app/

No password, no remembering login details, just use your fingerprint or face and you are in and can order or book whatever you want.

I have fingerprint security on my phone but even so I do not use my phone for anything important. I do not trust the way passwords etc. are bypassed. It just seems too easy to get into the apps.

So I do zero financial activity on my phone. I would not do anything medical on it either. But I am happy to book hotels, trains and planes on my phone, which is handy wen travelling.

Howard
Lemon Quarter
Posts: 2178
Joined: November 4th, 2016, 8:26 pm
Has thanked: 885 times
Been thanked: 1017 times

Re: Fed up with ever increasing logon procedures!

#360957

Postby Howard » November 28th, 2020, 5:58 pm

mc2fool wrote:Just to add a couple of things to vrdiver's reply....
vrdiver wrote:
Howard wrote:Can I check? Does keepass fill in all the information for you? Or does it just store passwords etc?
Yes and yes. At the basic level you can use it to store userID, password, memorable date, pets name etc and then just copy and paste as required, but you can also use "autotype" and let it fill out the information required by pressing e.g. CTRL-ALT-A

And there are also Firefox and Chrome (and, I believe, Edge) add-ons that integrate Keepass with the browser so it can be used from it and fill in fields directly.

Howard wrote:Logging in to a large bank share trading site is a pain. My computer remembers my name and customer number after that it has to be paperwork for the five digit code and random selection of three digits from favourite eight letter word. I can't see how keepass will solve this problem...

Like this: :D

Image
https://keepass.info/help/base/placeholders.html

And not only can it be setup to handle multiple accounts at the same site (be it a bank, or amazon, or whatever) but it can also be so to handle multiple options for the same account. E.g. several of my savings banks have asked me for a "memorable" name, date and place, and on login require me to provide three characters from one of those, randomly. For those cases Keepass pops up a list for me to choose which of name, date or place the site wants me to provide characters from this time round before then going into the picker shown above.

Now, of course the thing that is becoming increasingly common that it can't do, is receive and enter the OTP banks etc now like to send to your mobile and require you to enter as part of the login process. If only .....!

Howard wrote:Would keepass alert users if their data was stolen? From what I know, virtually anything can be unencrypted as we know from data breaches at the Pentagon.

Keepass is not a service, it's a programme that runs on your PC using data kept on your PC. It can't alert you if someone gets access to your PC and copies its data file any more than Word can alert you if someone copies one of your .DOC files.

I don't know which data breaches at the Pentagon you are referring to, ISTR the last breaches there were due to sloppy/default passwords, not anything to do with breaking any encryption, and it's certainly not true that "virtually anything can be unencrypted" --- if you believed that you'd not be doing any online banking!

(Ok, technically it is true that anything can be unencrypted, as a sheer brute force attack will eventually do so ... but with the current level of AES 256 bit encryption used by Keepass -- the same that your browser uses to encrypt communications with your bank -- it'd take today's fastest supercomputers several million years to crack, which I think we can agree, makes it more than good enough ... at least until we get quantum computers, but that's another story... :D)

Howard wrote:If someone stole my paperwork I'd know immediately.

Beh, nobody steals paperwork. They photograph it. Don''t you watch any spy movies..... :lol:


Thank you - but I couldn't resist adding a sequel -

“It was the perfect crime Sarge. He planned everything.

Alarm cut, a clean entry, no fingerprints, quietly forcing the downstairs window open. He took the family silver, keys to Mr H’s Roller, Mrs H’s jewellery. He expertly cut the Andy Warhol originals from their frames. All done in a few seconds.”

“Well, how did you catch him?”

“When we arrived twenty minutes after the initial break in following the tip-off from the neighbours he was still there. I can’t explain why, he was leafing through an old exercise book photographing every page.

Sarge, why would such an experienced operator make such a mistake? He’d only got half way through the book.

And he’s down in the cells now muttering to himself : Uncle Ted’s dog, Aunty Mary’s cat, Matilda’s age divided by ten, Gerry the goldfish’s left fin colour, Dad’s football team’s highest score, George’s golf handicap …….”


Regards ;)

Howard

AF62
Lemon Quarter
Posts: 3499
Joined: November 27th, 2016, 8:45 am
Has thanked: 131 times
Been thanked: 1277 times

Re: Fed up with ever increasing logon procedures!

#360988

Postby AF62 » November 28th, 2020, 7:08 pm

Lootman wrote:
AF62 wrote:
ten0rman wrote:So what am I trying to do? Rob the Bank of England? Well not really, merely request yet another months supply of medication!

If you phone has a fingerprint sensor or facial recognition then just use the NHS app - https://www.nhs.uk/using-the-nhs/nhs-se ... e-nhs-app/

No password, no remembering login details, just use your fingerprint or face and you are in and can order or book whatever you want.

I have fingerprint security on my phone but even so I do not use my phone for anything important. I do not trust the way passwords etc. are bypassed. It just seems too easy to get into the apps.

So I do zero financial activity on my phone. I would not do anything medical on it either. But I am happy to book hotels, trains and planes on my phone, which is handy wen travelling.


Your choice, but personally given the steps the police have to jump through to try to get into any of Apple's phones , that indicates to me they are far more secure than the solutions the vast majority of people use for passwords and memorable details.

ten0rman
Lemon Slice
Posts: 525
Joined: November 4th, 2016, 9:16 pm
Been thanked: 169 times

Re: Fed up with ever increasing logon procedures!

#367678

Postby ten0rman » December 19th, 2020, 11:40 am

This is an update to my original rant.

It's Saturday, 19 Dec 2020 and I want to request another lot of pills. Just for the record, these are all because a few years ago I had a mild heart attack and had two stents fitted, so it's not as if I'm asking for paracetamol, or some other over-the-counter substance, just 7 pills every 4 weeks to keep the old ticker going.

So, I logon to Patient Access - enter UID, enter P/W, and then characters 2, 5 & 17 of the memorable word. I then count up the letters only to find I have only got 16 letters so presumably I've managed to put something else in, possibly a space. But I can't get past it. And the so-called hint actually doesn't work. Ok mea culpa I've no doubt. So I try the "I've forgotten my P/w/memorable word". Can't do that, they don't hold either a email address or a mobile phone number. Now, I do not give out my mobile phone number at all, simply because in the past I have had various spam calls on it, and because it spends 95% of its time switched off. I absolutely will not go around with that thing clamped to my ear just in case someone wants to tell me something totally unimportant! Ok, that's me, and the way things are going, although I deeply resent it, it is looking more and more that I am going to have to use it. In respect of the email address, that is just plain wrong - they do have an email address and they do send me emails, eg over this Covid -19 as I am one of these Clinically Extremely Vulnerable people as well (I'm under chemotherapy for lung cancer). Plus see below.

Anyway, there is more than one way to skin a cat, as the saying goes, so let's try setting up a new account - see if that gets round the problem. Using the same details as before. First thing is they say that the email address is already in use. So much for there isn't one held! Ok try another email address. That works, until I get to the point that they are asking if I've received a letter from the surgery as they need some details from it. End of attempt to set up a new account.

Ok, let's try ringing the surgery in an attempt to see if there is a any sort of support for this system - Surgery is now closed. Blooming Heck, with the number of people they have on the books, there really ought to be someone there, after all other places have a Saturday rota system, so why not them?

End result - beaten by the system, yet again.

Now fair enough, a lot of this is most likely my own fault, especially as I've been trying, in a way, to beat the system, but it's as a direct consequence of this silly idea of having to enter 3 characters from a memorable word, especially as I already have entered a long number UID and an even longer all mixed up P/W. Frankly, I can't see the need for all this privacy - people are getting paranoid over it. Does it really matter if Joe Soap discovers what medication I'm on? It's no secret anyway. Does it really matter if T.E. Norman gets hold of a set of pills which are not for him? When all said and done, Boots, who I use, know me and my wife, and my son (well after 20+ years they ought to do) so it's very unlikely that a wrongly issued prescription will get very far.

Just as a matter of interest, my real name is quite common - so it seems, and there is at least one other person on both the doctor's surgery and the dentist's surgery with the same name and I have had to request that the surgeries amend their records to warn of this problem, ostensibly to protect the other person but in reality, and selfishly, to make sure that "stuff" for me does not go astray.

Rant over,

A very upset,

ten0rman

ReformedCharacter
Lemon Quarter
Posts: 3120
Joined: November 4th, 2016, 11:12 am
Has thanked: 3590 times
Been thanked: 1509 times

Re: Fed up with ever increasing logon procedures!

#367692

Postby ReformedCharacter » December 19th, 2020, 12:20 pm

ten0rman wrote:Does it really matter if Joe Soap discovers what medication I'm on?
ten0rman

I'm sorry to hear about your difficulties. Funnily enough when I received my last prescription from the pharmacy at my local GP's surgery I found the re-order slip for another patient with an additional slip telling that person that they needed a blood test. This listed the patient's name, address, age and medications. This breached the GDPR and the NHS guidelines regarding patient privacy. The surgery seemed to have taken this seriously or at least that's what they say and will I think have to report themselves to the CQC.

RC

ten0rman
Lemon Slice
Posts: 525
Joined: November 4th, 2016, 9:16 pm
Been thanked: 169 times

Re: Fed up with ever increasing logon procedures!

#367701

Postby ten0rman » December 19th, 2020, 12:43 pm

RC,

Now that is bad! At least I've never had anything like that. What I have had is the other person's dental records in my hands, but only whilst I was still in the dental surgery, a prescription correctly for me but with his address on it, a missing letter about 'flu vaccinations, and a repeat prescription for quinine which I assume may have been for the other person.

As it happens, I did meet the other person and checked with him that he did indeed use the same surgeries and then told him about the first mixup.

Anyway, it'll no doubt come out in the wash - it's just so terribly frustrating. And it's fortunate that I have for a long time made a point of ordering my repeats 4 weeks early so I do have some leeway, although Christmas & New Year aren't going to help.

ten0rman

Dod101
The full Lemon
Posts: 16629
Joined: October 10th, 2017, 11:33 am
Has thanked: 4343 times
Been thanked: 7534 times

Re: Fed up with ever increasing logon procedures!

#367707

Postby Dod101 » December 19th, 2020, 1:19 pm

I carry my bank log in details and the details for share platforms with me all the time, in my head. It is not written down anywhere. That is I think quite secure.

Apart from these sites, there are hardly any other passwords that cannot be written down. For instance if somebody really wants to take a look at say my BT account that is up to them. Only pesky Amazon holds my card details I think, and I would really like to remove them from its site so that is another password I hold in my head. Just about any other site I do not really care about. I always try to sign in as a guest if I am buying stuff online so that I do not have the trouble of remembering log in details.

It seems that repeat prescription sites are a particular bugbear but fortunately I do not have any to worry about (so far anyway!) And why not write the password down somewhere anyway?

Dod

richfool
Lemon Quarter
Posts: 3492
Joined: November 19th, 2016, 2:02 pm
Has thanked: 1194 times
Been thanked: 1280 times

Re: Fed up with ever increasing logon procedures!

#367710

Postby richfool » December 19th, 2020, 1:54 pm

I use the fingerprint technology on my smartphone, to access some of my banking and investment type accounts through their apps installed on my phone.

When ordering things online and using a credit card or debit card, I always look to tick the box, not to retain my card details for future use. I also try and use a card which expires soonest, so if they do retain any card details they will become out of date soonest.

What does irritate me are businesses (like some computer AV programmes), that want me to pay with an ongoing standing order type authority on my credit or debit card. I won't proceed with the transaction if they don't offer an alternative.

Sussexlad
Lemon Slice
Posts: 382
Joined: November 4th, 2016, 12:49 pm
Has thanked: 317 times
Been thanked: 163 times

Re: Fed up with ever increasing logon procedures!

#368265

Postby Sussexlad » December 21st, 2020, 10:30 am

My wife's been using Evergreen Life GP services for a while now, to order her medicines from the local pharmacy. It's worked very well, don't know if that's of any use. I believe the pharmacy will deliver if that's necessary.

Clitheroekid
Lemon Quarter
Posts: 2856
Joined: November 6th, 2016, 9:58 pm
Has thanked: 1384 times
Been thanked: 3771 times

Re: Fed up with ever increasing logon procedures!

#368833

Postby Clitheroekid » December 22nd, 2020, 4:02 pm

richfool wrote:When ordering things online and using a credit card or debit card, I always look to tick the box, not to retain my card details for future use.

I do the exact opposite. I'm only too happy to let them have my card details, so as to avoid the irritation of having to locate and complete them every time I buy something.

I'm really not that bothered about the card details being stolen and misused. Firstly, I think it's extremely rare that it happens at all on a reputable website. Secondly, in my experience the banks always repay the money anyway, so there's just the nuisance of getting a new card.

We all have different attitudes to risk, but the minor risks of card fraud are to me far outweighed by the convenience of just clicking in the box and having the details automatically inserted.

AF62
Lemon Quarter
Posts: 3499
Joined: November 27th, 2016, 8:45 am
Has thanked: 131 times
Been thanked: 1277 times

Re: Fed up with ever increasing logon procedures!

#369197

Postby AF62 » December 23rd, 2020, 4:05 pm

ten0rman wrote:Now fair enough, a lot of this is most likely my own fault, especially as I've been trying, in a way, to beat the system


Yes it is.

You have a choice - use the system or don't use the system, but doing things like not giving out your mobile phone number are illogical. The spam/fraudsters don't buy mailing lists with phone numbers - they simply dial random numbers until they get someone to answer and speak to them.

ten0rman wrote:Frankly, I can't see the need for all this privacy - people are getting paranoid over it. Does it really matter if Joe Soap discovers what medication I'm on? It's no secret anyway. Does it really matter if T.E. Norman gets hold of a set of pills which are not for him? When all said and done, Boots, who I use, know me and my wife, and my son (well after 20+ years they ought to do) so it's very unlikely that a wrongly issued prescription will get very far.


Frankly I do see the need for all this privacy. I would rather prefer that all and sundry did not know what medication I am on. I am also sure the authorities would rather prefer that all and sundry did not have access to medication that was not for them.

Your 'security' system seems to be - live in a small town and use the pharmacy for 20+ years so you get to know all the staff before you actually need to start ordering prescriptions. Funnily enough I don't think that would work very well in London, Manchester, Birmingham, or even my small provincial town.

So use the online system or don't use the online system, but imagining issues where they don't exist and trying to use it in a way for which it was not designed to work will only end in tears.

richfool
Lemon Quarter
Posts: 3492
Joined: November 19th, 2016, 2:02 pm
Has thanked: 1194 times
Been thanked: 1280 times

Re: Fed up with ever increasing logon procedures!

#369226

Postby richfool » December 23rd, 2020, 4:54 pm

Clitheroekid wrote:
richfool wrote:When ordering things online and using a credit card or debit card, I always look to tick the box, not to retain my card details for future use.

I do the exact opposite. I'm only too happy to let them have my card details, so as to avoid the irritation of having to locate and complete them every time I buy something.

I'm really not that bothered about the card details being stolen and misused. Firstly, I think it's extremely rare that it happens at all on a reputable website. Secondly, in my experience the banks always repay the money anyway, so there's just the nuisance of getting a new card.

We all have different attitudes to risk, but the minor risks of card fraud are to me far outweighed by the convenience of just clicking in the box and having the details automatically inserted.

Well I much prefer to keep such information to myself, thank you. It helps protect me from various companies having their records hacked, as I believed happened with Carphone Warehouse/ Curry's a couple of years back. If my CC info is not held by such businesses then it can't fall into the hands of hackers.

I can cope with keying the information in again, if, and when I order something online.


Return to “Comfort Cafe”

Who is online

Users browsing this forum: No registered users and 9 guests