12-22-2022, 06:33 PM
|
#61
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Yeah just saw that. Crazy.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
12-22-2022, 11:15 PM
|
#62
|
First Line Centre
|
Quote:
Originally Posted by ah123
|
I have last pass. Should we be updating each individual password inside as well as the master password to access last pass itself?
|
|
|
12-22-2022, 11:46 PM
|
#63
|
It's not easy being green!
Join Date: Oct 2001
Location: In the tubes to Vancouver Island
|
It’s more of a privacy breach. Your passwords on their own, they’re safe unless your master password is simple.
__________________
Who is in charge of this product and why haven't they been fired yet?
|
|
|
The Following User Says Thank You to kermitology For This Useful Post:
|
|
12-22-2022, 11:57 PM
|
#64
|
First Line Centre
|
Quote:
Originally Posted by kermitology
It’s more of a privacy breach. Your passwords on their own, they’re safe unless your master password is simple.
|
I see. I only have passwords saved there for various websites. So the hackers now know I bank with RBC?
|
|
|
12-23-2022, 12:54 AM
|
#65
|
It's not easy being green!
Join Date: Oct 2001
Location: In the tubes to Vancouver Island
|
Yep
__________________
Who is in charge of this product and why haven't they been fired yet?
|
|
|
The Following User Says Thank You to kermitology For This Useful Post:
|
|
12-23-2022, 01:07 AM
|
#66
|
First Line Centre
|
Quote:
Originally Posted by kermitology
Yep
|
But that's the extent of it. They wouldn't know my password to RBC?
|
|
|
12-23-2022, 08:55 AM
|
#67
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Not unless they can guess the master password to your password safe, which should be something both complex and unique. If they guess that then they've got all your passwords for everything.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
The Following 2 Users Say Thank You to photon For This Useful Post:
|
|
12-27-2022, 01:16 PM
|
#68
|
#1 Goaltender
|
Quote:
Originally Posted by Izzle
But that's the extent of it. They wouldn't know my password to RBC?
|
Even if they crack your vault and get your RBC password, you’ve got MFA turned on for your bank and all other important accounts right?
|
|
|
12-27-2022, 01:31 PM
|
#69
|
First Line Centre
|
Quote:
Originally Posted by Inglewood Jack
Even if they crack your vault and get your RBC password, you’ve got MFA turned on for your bank and all other important accounts right?
|
Yup I do. And I haven't saved any of those answers in lastpass.
|
|
|
12-28-2022, 04:32 PM
|
#70
|
Franchise Player
Join Date: Apr 2003
Location: Not sure
|
Hopefully have MFA turned on for LP too.
I've really got to get off the app based MFA, anyone here using Yubikey? I've heard mixed reviews with them but as far as I can tell, it's the best form of MFA you can get atm.
|
|
|
01-02-2023, 11:30 AM
|
#71
|
First Line Centre
|
Quote:
Originally Posted by GoinAllTheWay
Hopefully have MFA turned on for LP too.
I've really got to get off the app based MFA, anyone here using Yubikey? I've heard mixed reviews with them but as far as I can tell, it's the best form of MFA you can get atm.
|
Yes. Yubikey FTW!
I do use them in a few different manners:
- with the Yubico Authenticator ("YA")....so several copies of YA on phones, PCs wherever and multiple Yubikeys ("YK") all "recognized" by YA. So, if I lose a phone or a PC craps out ANY OTHER YA will still work. Essentially these back up each other as they are redundant copies.
- in Windows Hello....MUST insert a YK to boot to OS. If no key...no access to the (encrypted of course) OS.
- as a sole identifier: so, if adding (say) 1Password to a new machine, not only do I need to supply the various requirements of 1P, but the 2FA from a YK as well in order to install it and make it effective.
When we travel, my wife has a spare YK that can access everything on her key ring in case one of my usual copies gets lost. As well....a backup at a secure location of course.
Can be a bit confusing at times, but worth the effort in the learning curve.
Start with things that "don't matter" in order to test.
__________________
Hey...where'd my avatar go?
|
|
|
The Following 2 Users Say Thank You to taxbuster For This Useful Post:
|
|
01-02-2023, 11:50 AM
|
#72
|
#1 Goaltender
|
Quote:
Originally Posted by Izzle
Yup I do. And I haven't saved any of those answers in lastpass.
|
account verification or password recovery Q&A is not the same as MFA. the F in MFA are the different factors, which is usually something you know (password) plus something you have (device).
RBC has MFA via the phone app, it's a simple approval button, no code typing required. they only added this within the last couple of years though, which is way too late for a big bank. I assume all other Canadian banks have similar options.
|
|
|
01-02-2023, 12:36 PM
|
#73
|
First Line Centre
|
Quote:
Originally Posted by Inglewood Jack
account verification or password recovery Q&A is not the same as MFA. the F in MFA are the different factors, which is usually something you know (password) plus something you have (device).
RBC has MFA via the phone app, it's a simple approval button, no code typing required. they only added this within the last couple of years though, which is way too late for a big bank. I assume all other Canadian banks have similar options.
|
I see. I have RBC set up where it will text me a code, which I then enter into the app.
Other websites that I usually frequent have something similar. Either they text me a code or they email me after I put in my password. I typically use my phone to access my email for the code. When I access Gmail on the computer, my android phone asks me to click "yes, it's me" before giving me access to Gmail on the computer.
Last edited by Izzle; 01-02-2023 at 12:38 PM.
|
|
|
01-02-2023, 03:11 PM
|
#74
|
First Line Centre
|
Quote:
Originally Posted by Izzle
I see. I have RBC set up where it will text me a code, which I then enter into the app.
Other websites that I usually frequent have something similar. Either they text me a code or they email me after I put in my password. I typically use my phone to access my email for the code. When I access Gmail on the computer, my android phone asks me to click "yes, it's me" before giving me access to Gmail on the computer.
|
The problem with the "texted code" syndrome is that it is the cheapest form of what they like to call Multi-Factor Authentication. It is known better as Two-Step Authentication...and is considerably at risk to a SimSwap.
As soon as someone performs a SimSwap on your phone account they have access to your actual phone number...and any code sent to it. So if your PC (or phone) get compromised, and then the attacker swaps sims....you're pooched. Banks don't care....they'll blame you and leave you to hang.
An Authenticator App is certainly better than a texted code...for anything.
Another approach is to start an account at voip.ms and create an SMS account that is NOT attached to your phone, and which can either send an message to your email or another phone (or both). I have friends doing this while out of the country without regular phone access.
And, FWIW, TD has finally issued an Authenticator App as well for their regular banking. Some banks ARE wising up.
__________________
Hey...where'd my avatar go?
|
|
|
The Following 2 Users Say Thank You to taxbuster For This Useful Post:
|
|
01-02-2023, 04:18 PM
|
#75
|
wins 10 internets
Join Date: Feb 2006
Location: slightly to the left
|
My primary bank is Scotiabank and their mobile app acts as an authenticator as well, requiring you to approve any sign-in on an unrecognized device. I use the Google Authenticator for my Bitwarden master password, everything else is minor enough that I'm fine with SMS 2-step auth
|
|
|
01-02-2023, 06:11 PM
|
#76
|
Franchise Player
Join Date: Apr 2003
Location: Not sure
|
Quote:
Originally Posted by Inglewood Jack
they only added this within the last couple of years though, which is way too late for a big bank.
|
Agreed. RBC can be frustratingly slow with things like this. And before that, they had to push their own wallet instead of just being part of google or apple pay.
Glad they finally got around to providing something like this. Better late than never but it was starting to look like never for a while there.
Shaw needs to get on this too for that matter, still screwing around with email or text based MFA.
|
|
|
01-02-2023, 06:33 PM
|
#77
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Quote:
Originally Posted by taxbuster
And, FWIW, TD has finally issued an Authenticator App as well for their regular banking. Some banks ARE wising up.
|
Hoping BMO does this soon.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
05-17-2023, 09:56 AM
|
#78
|
Powerplay Quarterback
|
Has anyone used Microsoft Authenticator as a password manager?
Also, I find the RBC authenticator doesn't seem to function properly when I try to log in at work. I have to use the text option basically every time. It happens at home occasionally too, but it used to work fine everywhere. Just this year it seems to have started to be flaky.
__________________
Sent from an adult man under a dumpster
|
|
|
05-17-2023, 06:54 PM
|
#79
|
First Line Centre
|
But...why? It integrates on a phone only with Safari. Not sure it's easy to set up on multiple locations (eg desktop PC, phone, laptop, spouse's PC or phone).
1password.ca does all of that - and hosts its data only in Canada. Also a Canadian company. Integrates with pretty much all browsers. Generates its own TOTP codes if desired. Shares access to all, or only specific, vaults.
Yea, it costs a few bucks. But why use a deficient product instead? (Honest question BTW...not crabbing at you!)
__________________
Hey...where'd my avatar go?
|
|
|
05-17-2023, 06:55 PM
|
#80
|
First Line Centre
|
Quote:
Originally Posted by darockwilder
Also, I find the RBC authenticator doesn't seem to function properly when I try to log in at work. I have to use the text option basically every time. It happens at home occasionally too, but it used to work fine everywhere. Just this year it seems to have started to be flaky.
|
Check your time settings. If your time is off, TOTP won't work well. Or at all.
__________________
Hey...where'd my avatar go?
|
|
|
The Following User Says Thank You to taxbuster For This Useful Post:
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -6. The time now is 06:03 AM.
|
|