• Welcome to Photrio!
    Registration is fast and free. Join today to unlock search, see fewer ads, and access all forum features.
    Click here to sign up

For Sale Beware, Buyers - Account Takeover?

Trader history for peoplemerge (0)


It might be so but that’s why this forum as a backdoor in case we loose access to Authy whatever the reason is.
 
I'd rather let my browser store my passwords. I can make them as obscure as I like, and the only time I have to think about it is when I'm not at my home computer (or laptop, I can prime that when I'm at home).
 
So in summary Photrio offers the auty 2FA service to its members and on the surface at least there is no charge by auty . However if the "sting" is ever executed at some point in the future then as long as it is only your Photrio site for which you use auty then the latter withdrawing its use of its 2FA from you as a result of your not agreeing to a charge in the future the worse that can happen is that you are no worse off than now?

Have I got this right?

Thanks

pentaxuser
 
Basically yes, even if they decide to block the service until I paid, the forum provides a backup codes you can save in your vault or under the coach to get access again to the forum.
Sean or mods can assure this 100%
 
alexvaras said:
Basically yes, even if they decide to block the service until I paid, the forum provides a backup codes you can save in your vault or under the coach to get access again to the forum.
Sean or mods can assure this 100%
Click to expand...
Thanks. So Photrio provides back-up codes that we save in our vault What and where is this vault and does Photrio give you these codes when you fist use auty and what does "under the coach" mean?

I am confused by these terms such as vault, codes and coach. I may be alone in this but an explanation as to what this means in practical terms would be helpful

pentaxuser
 
Everything you state is an equally good argument to use an offline password manager, plus you don't have to trust Google to remain benevolent and bulletproof.
 
grain elevator said:
plus you don't have to trust Google to remain benevolent and bulletproof.
Click to expand...

Yep. I don't understand why people think it's more secure to let someone else keep all their passwords than whatever they've been doing before (as long as it wasn't "1234Fluffy$" or something similar on every site). Just means someone only has to steal one password to get everything, or I need a physical key (2FA dongle) to get to my entire life; I don't see that as an improvement anyway.
 
pentaxuser said:
Do you or anyone else have the answer to my earlier question, namely, if you never logout so you do not use your password does this make it easier for someone to highjack you account or make no difference?
Click to expand...



Still unanswered as far as I see.


I assume it makes no difference, unless the frauder is trying to copy ones password whilst oneself is using it for logging in.
 
@pentaxuser I don't see that it makes a lot of difference. If you do something that gives a remote attacker access to your computer (which might only be previewing the wrong email or opening a trusted web site that accepted a "bad" advertisement), they can read and duplicate the login cookie, and they're you as far as the site is concerned. Or they can plant a key logger so the next time the site times out your login, and you have to type your credentials, they get it (along with your bank account information when you pay your bills, and a full list of your porn preferences if any).
 

im glad your situation was a false alarm!
a couple of years ago friends of friends got an email and it said they lost their wallet and to wire them money just like the scheme you witnessed .. turns out the friends who emailed them were down the street, and not globetrotting, and a phone call verified no wallets were lost &c.
im always fond of getting a phone call from myself ( caller ID says its me ) asking for money.

regarding passwords
I typically use the same password for everything PASSWORD$1234. its simple enough to understand and hackers overlook it because it is so obvious, instead they are trying to decrypt a 16 alphanumeric jumble. simple is always the best.
 
Hmmm.....,Donald,now you point out all the possible pitfalls which seem as good as unavoidable at some point, it would seem that no-one is safe. Is that the right interpretation of what you are saying? If so that's depressing enough to engender a feeling of utter hopelessness in me. Just one more question and depending on whether you can help me it may be my last question:

Do you know of any source that supplies those bitter almond pills?

pentaxuser
 
@pentaxuser I lived in Seattle for a couple decades -- there was a major car prowl problem at the time, for which my solution was simple: I followed the advice of authorities and left nothing in the car when parked -- not so much as a tin of Altoids. In warm weather that wasn't threatening rain, I'd go so far as to park with the windows down and doors unlocked. I drove a fairly old car in so-so condition in those days, with a stereo anyone not already hopped up on drugs would know couldn't be sold (at all, never mind for enough to risk two minutes to rip it out of the dash). I never had a problem.

If you have nothing to steal, and that's obvious, thieves have no interest in you. Otherwise, you do what you can. My father used to say "Locks are for honest people" -- an aphorism I've also heard as "Locks are to keep honest people honest." A thief can bypass almost any lock in less time than I can find the key -- but won't bother if there's no reason to believe he needs to.

For my own home computer, I use Linux instead of Windows or Mac (greatly reducing my threat cross section, since most Linux malware is aimed at servers and doesn't care about desktop machines), run an obscure, but still supported browser, let the browser store my passwords, and don't have enough money anywhere (online or not) to be worth stealing it. It's still possible I could get hacked or my identity stolen, but I'm not a very juicy target, and the odds are against it.
 
@Donald Qualls I wonder if someone could still take a loan under your identity?
Also: fellow Linux user, I see!

BTW, I had to pressure spouse to get a credit report, free yearly one, per state law.
She finally did it, but only Experian responded, presumably trying to sell some products. ^sshats.
 
@jay moussy Well, I got a car loan at a decent rate in 2015, but PayPal wouldn't give me their credit card for a purchase last year. I intentionally avoid the "you aren't credit worthy unless you're in debt" trap -- so someone could get a loan, probably (predatory lenders will lend to folks obviously headed into bankruptcy, however little sense that makes), but it would be very sub-prime...
 
Not sure I can do what you did Donald in terms of old cars, Linux etc but certainly a deal of "glass half empty" rather than "half full" outlook in this day and age and a decent internet security package is sensible .

It looks like my British sense of humour failed to fly the Atlantic again. Could it have managed the shores of Canada? Just maybe it might have made Newfoundland where I have been informed they drove on the left until 1947

pentaxuser
 
I've watched hundreds of episodes of Monty Python, Benny Hill, Two Ronnies, and so forth. Your humor might just have been a little too subtle...
 
pentaxuser said:
Do you or anyone else have the answer to my earlier question, namely, if you never logout so you do not use your password does this make it easier for someone to highjack you account or make no difference?
Click to expand...
AgX said:
I assume it makes no difference, unless the frauder is trying to copy ones password whilst oneself is using it for logging in.
Click to expand...

I think it's not a big difference. You have to think about the attack surface. If someone has access to your computer/browser, they can use it to log in to this site and get your password. But then you have bigger problems, namely, that they're in your computer and can watch you log into your bank accounts (via donald quails? mentioned the insidious keyboard loggers). If you log out and log in every time vs leave yourself logged in, it's not a major difference IMO. There have historically been cookie hijacking attacks, but modern browsers do a pretty good job afaict.

However the 10,000 pound gorilla is anyone logging into photrio which they used on another site, and the other site has been cracked. Those passwords are freely for sale to any buyer with the right quantity of bitcoins.
 
I have been following this thread since the start and here is my take:
1-I need to be on line to manage my money, to buy stuff etc.
2-I have taken the precaution to use complex passwords and many which are kept on a notebook that travels with me.
3-I update the software frequently. Use a firewall,etc
I think this is all I can do, everything else is out of my control so, following the stoics, I couldn't care less.
Pleae correct me if I am wrong, no offence will be taken no matter how much of an idiot it turns out that I am
 
@Gaston 012 , I would say you only need to memorize one to four long memorable passwords. Use a password manager such as Google Chrome, Apple Safari, or better still 1Password or Keypass. I use Google mail which includes a password manager and that saves 95% of websites like Photrio, and it will suggest gobbledygook passwords so I don’t have to. I don’t use chrome for really important stuff like a bank. It’s better to memorize something critical like that and change it every 6mos just in case.

The problem with a written list that you carry with you is if it gets lost or stolen, it’s the keys to the kingdom. A password manager that you can get on both your secure phone and computer is better.
 
One thing I realized about the written list is that I only really need it for my infrequently used passwords, so I don't carry it with me. The ones I use all the time I remember.
 
A few years ago I got a '$400+ demand letter' from PayPal in Toronto which I thought was more than "somewhat strange" since I had never applied for a Paypal account. After some two demands via Canada post "registered mail' I called 'collect' to PayPal on Toronto and indicated my lawyer would be in contact with them in due course for their 'representative to appear' in a local court with 'physical' evidence that I had applied (and was provided a PayPal account 'number'
I week (or so) later I received a letter of 'apology' indicating that 'somehow there had been a 'mistake' in their records.

Ken
 
You must log in or register to reply here.
Menu
Log in
Register