Internet account security interview with Lee Jones

[Freudian]

Funny you should say this just the week after a big story about stolen credit card information was released.

Me, I would like additional layers of security beyond just a password. Yes, I try to protect my computer as good as I can but it is not like browsers and operating systems are vaults. Exploits have been and will be found.

[smoore]

[ QUOTE ]

I enjoy arguing theory and substance but you didn't offer either,


[/ QUOTE ]

false. you offer no theory, I have offered all substance on security.

[ QUOTE ]

other than what I had already opined.


[/ QUOTE ]

AFAICT, you have only "opined" that your buddy got ripped off and that I'm a smartass.

[ QUOTE ]

I also enjoy point by point discussions cause it forces the adversary to actually build a case.


[/ QUOTE ]

yeah, good passwords rock, bad passwords suck.

[ QUOTE ]

Don't know why you are against extra security such as changing passwords, but as someone that regularily has 30K plus in my poker account I welcome anything that will make it more likely that my money will still be there in the morning. Yes, it's saving me from myself but i've certainly done dumber things that have an easy password in my life.


[/ QUOTE ]

...because I'm not a dumbass and I don't want dumbass rules placed on me to cater to the lowest common denominator. Don't make me change my password every X days just because Joe Blow can't figure it out.

[ QUOTE ]
Considering I told you that your first post wasn't funny, I saw the joke. Just thought that you could do better.


[/ QUOTE ]

How the hell do you know? Perhaps I'm comedy-challenged. Don't make fun of the f'in handicapped, man.

[ QUOTE ]

Anyway, thanks for the well-wishes. It's been fun. Hope we find a real topic to debate one day. [img]/images/graemlins/smile.gif[/img]


[/ QUOTE ]

Yeah, me too... actual, secure passwords have been passe for two decades. Lets talk about wlan security!

Don't you find this sort of dissection annoying? I find paragraph conversation much more appealing.

[smoore]

Yeah, stolen CC info off the net is a small problem.

A bigger problem is whoever I run into if I ever decide to get a job as a waiter. If I get the job, I'm not looking for tips, I'm so down on my luck that I need to steal CC info.

The only attraction to getting the info off of the 'net is that you get thousands, possibly millions at a time. As that fraudulent waiter I only get 10 or 15 a night. The computer cracker is now facing "A" felony charges as a terrorist in the US and the guy stealing them from the restaraunt is facing "E" or "D" felony charges for simple fraud.

I mean, c'mon people... anyone who has your poker password has probably simply haxed UR shiz. He is on your machine. He is you.

Tuco... your buddy needs to reformat and reinstall. Then he needs to change ALL his passwords. Seriously. As a security consultant that would be my first order of business. Forget spyware programs, just blast that f'in box.

[Tuco]

[ QUOTE ]
Don't you find this sort of dissection annoying? I find paragraph conversation much more appealing.

[/ QUOTE ]

Almost as annoying as very intelligent people resorting to sarcastic remarks that an eight year old might make. The whole point of my OP was to stimulate some discussion here at a place where people with internet poker accounts loiter. You have proven you have alot to offer the discussion, so why didnt you do that from the start?

As far as the rest of us being dumbasses for wanting extra security, you seem to be missing something. Would you rather play a game for money against players that are dumbasses, or those that are as smart as you? If the dumbasses leave for a site that offers more protection, you will be left playing against all the other MENSA members.

I want extra security, but not something that will cost me a significant amount of time dealing with. I'm fine with extra/changing passwords cause it doesnt take that much effort to comply. Adding fingerprint readers is beyond what i'm ready to put up with.

Tuco.

[Tuco]

I disagree that the person that has your poker password has hacked your computer. I would guess that a large majority of people who have had their accounts "hacked" simply had easy passwords.

My brother says that he hacks private table passwords more often than not on partypoker. I dont think that the majority of players put any more thought into their account passwords than they do their private table passwords.

I agree he does need to reformat and reinstall. I've told him this but you would hope that was his first thought.

Tuco.

[smoore]

OK, I give. Your authoritarian presence supercedes my smartass. I tried to give good advice in my very first post, but I guess it was just too "internet elite", I dunno.

Yes, I want to play against dumbasses. Do I want to change my password every X number of days? no. I've been under that particular system and it sucks. Would I do it if the fish thought it was a good idea? Yes.

Fact is, the fish are the people making passwords like "mydogrox", "hansenrulez" and "hisweety" (heh, if I guessed anyone's password they need to CHANGE IT!)... they won't change even if the sites made them switch the passwords every 10 days. It would just make it a big PITA for them (fish and sites). A little education goes a long way, while rules tend to get ignored or bypassed. If they got bypassed in this case it would mean that the majors might lose business to some fringe site that doesn't require password changes.

Freak incidents happen, common internet security is usually at fault for things like this... guesses, trojans, phishing. Anyone who is vulnerable to this is vulnerable at partypoker.com, amazon.com or paypal.com.

Saying all that, I was the victim of a paypal ripoff in 1999. It was from a site I signed up with that was actually phishing, even though they provided the service they advertised ($10). I got ripped off for a ~ $100 purchase on ebay. I was lucky. Be f'in careful, people.

edit: oh yeah, the biometrics are just a dark, orwellian joke. please, noone take that seriously.

[smoore]

[ QUOTE ]
I disagree that the person that has your poker password has hacked your computer. I would guess that a large majority of people who have had their accounts "hacked" simply had easy passwords.

My brother says that he hacks private table passwords more often than not on partypoker. I dont think that the majority of players put any more thought into their account passwords than they do their private table passwords.

I agree he does need to reformat and reinstall. I've told him this but you would hope that was his first thought.

Tuco.

[/ QUOTE ]

Yeah, I haven't messed around with breaking XP... it could be quite difficult for all I know. Win2k sure wasn't.

You're right.. "mykidizcute" or "bigwillie" aren't going to cut it for passwords... those are definitely guessers. I guess I should have said, "If you have a decent password and they get it they probably just haxed U"

Ok Tuco, I need sleep and the laptop needs a charge... good luck getting these internet sophmores setting good passwords. Please don't get them to agree to changing passwords at the same time or using some sort of hardware device I'll have to keep up with (unless it's optional, of course). Well met.

[RPMick]

[ QUOTE ]
For example if I have played on PS from Sweden all the time, would someone from China be able to log on and play on my account. If yes, why?

[/ QUOTE ]

Because people like me, play from Japan where they live. Return to the states for business and vacation, go off to other parts of the world on business, and play poker online the whole way.

It's not often easy to just pick up a phone and verify my identity every time I land in another country.

PW management is key. Whoever hit on it with the sarcasm is very much correct. As long as sites have processes in place to identify x number of unsuccessful login attempts, a strong password should be all you need.(BTW, sites that limit special character usage in PW's are ridiculous)

The hypothetical, got your computer, got your pw, got your life thing is very unlikely. Especially for people who exert the slightest of protective measures.

My main concern is the larger target, the sites themselves. It's much easier to find and attack a site than it is an individual. Are they obligated in any way to protect your money? Are they required to notify you when your account may have been fraudulently accessed? Do they have a moral obligation to make their security efforts publicly known? Would that even be a good idea?

It's a very interesting topic and one that always catches my eye when brought up.

[Guthrie]

An easy first step would be to stop making half of your logon, your user name, public. You would have a user name, a password, and a screen name. Knowing your screen name would be useless since it couldn't be used to log on.

The same system would also help defeat data mining. You could change your screen name as often as you like.

[Shoe]

If you had one of These for each of the poker sites where you cared about your balance, your account would be much more secure than a user id and password could ever make it. Note that you would use this in addition to your user id and password.

The online game Entropia that uses real money as its "game currency" offer this to it's users as it knows people try to hack anything where money is involved.

In Europe, some companies send you a list of paper with a list of like 50 unique id's on it, that you need to enter in whenever you log into the site, and when you get close to using those 50, they send you another list.


The key to improving internet security is taking steps like these. You have your user name, password, and something physical that cannot be obtained through keystroke loggers, phishing attmepts, etc....