pikestaff
Member of DD Central
Posts: 2,187 
Likes: 1,546
|
Post by pikestaff on Nov 13, 2015 15:07:26 GMT
stevio I get a 'page not found' error if I try to follow the link, but a Google search for forbes lastpass hacked will find it. Possibly a firewall thing.
|
|
stevio
Member of DD Central
Posts: 2,065
Likes: 894
|
Post by stevio on Nov 13, 2015 15:23:44 GMT
|
|
stevio
Member of DD Central
Posts: 2,065
Likes: 894
|
Post by stevio on Nov 13, 2015 15:30:06 GMT
How much you bid, gives an indication of how much you might have in your FS account As quite a lot of people use the same username and password, someone who hacks your password will then attempt it on multiple P2P sites and other sites that only require username and password eg Paypal, Facebook etc stevio, are you implying that you use the same password on all these websites? No, I use a different password for each and every site which I randomly generate myself using the maximum characters possible However, I am not the norm and there are plenty of people using the same username and password for each site - which FS are kindly posting 50% of their security data
|
|
pikestaff
Member of DD Central
Posts: 2,187
Likes: 1,546
|
Post by pikestaff on Nov 13, 2015 15:41:34 GMT
|
|
ablender
Member of DD Central
Posts: 2,204
Likes: 555
|
Post by ablender on Nov 13, 2015 15:41:56 GMT
I think there are many other ways how to increase security, if you think it is a problem. The email can be used for logging in, use of security questions, 2-stage verification, or others that I do not know of. Definitely not hiding the username. That is why it is called username so that we can refer to the user. Hiding this will result in people abusing hidden under a cloak like what is happening at SS.
|
|
mikes1531
Member of DD Central
Posts: 6,453
Likes: 2,320
|
Post by mikes1531 on Nov 13, 2015 15:58:45 GMT
That is why it is called username so that we can refer to the user. Hiding this will result in people abusing hidden under a cloak like what is happening at SS. With respect to what's happening at SS, the important thing is that SS know exactly who the perpetrator is and therefore can deal with them. Do I care who the abuser is? Not really, as I don't expect it's anyone I've come across via the forum. I could be wrong, of course, and in that case I suppose I would like to know. And I must admit that I often do look at the list of who's bid on a FS loan. For those loans where there's more than a minute to bid before the loan is fully funded, the usernames on the list can influence how much I bid. (If someone whose opinion I respect has put in a large lump of their own money then it increases my confidence that the loan is a reasonable one for me to invest in.)
|
|
|
|
Post by eascogo on Nov 14, 2015 1:51:59 GMT
That is why it is called username so that we can refer to the user. Hiding this will result in people abusing hidden under a cloak like what is happening at SS. With respect to what's happening at SS, the important thing is that SS know exactly who the perpetrator is and therefore can deal with them. Do I care who the abuser is? Not really, as I don't expect it's anyone I've come across via the forum. I could be wrong, of course, and in that case I suppose I would like to know. And I must admit that I often do look at the list of who's bid on a FS loan. For those loans where there's more than a minute to bid before the loan is fully funded, the usernames on the list can influence how much I bid. (If someone whose opinion I respect has put in a large lump of their own money then it increases my confidence that the loan is a reasonable one for me to invest in.) I too like to look at the bids. If a number of bidders are investing five or six figure sums it bolsters my confidence. Feeding the listing of past loans into a spreadsheet may yield some interesting results. And yes it would reveal the big investors in FS though not their real identity unless they have been careless. With regard to safety, logging in with a username is likely to be more, not less, secure than logging in with an email address. This is one reason why banks and many other website implement a third layer of security. This said I would still prefer FS to add a third layer.
|
|
ribs
Probably not James Marshall
Posts: 148
Likes: 151
|
Post by ribs on Nov 16, 2015 19:37:45 GMT
That link 404'd for me. But I already know what it says: "Panic panic panic!!! Everyone's stuffz is expossedddd!!!!11!11oneone" The media is really good at spreading FUD, and this isn't an exception. The truth is, as usual, much more nuanced than that. From Lastpass' Blog: *ahem*... So, the authentication hashes were exposed... Why is the data hashed? Because it's expected to be stolen at some point. This is actual security, not security through obscurity, which Sony was stupid enough to rely on, more than once. The full post is here: blog.lastpass.com/2015/06/lastpass-security-notice.html/Actual security experts will confirm; Lastpass is security done right: arstechnica.com/security/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/So yeah, don't worry about it. If you're using something like Lastpass, which is as secure as lastpass (with ACTUAL security), then you really have little to worry about.
|
|
