|
#1
|
|||
|
|||
Password Security Suggestion--Key Fobs
(This is not my idea. It was originally posted by shawny boy in this thread about a poster who was hacked.)
A key fob is basically a little key chain with a digital display. The display shows a number that changes about every 30 seconds, and in order to log into your account someone would need your screen name, password, and this number. So, a keylogger would no longer do anything because the hacker would only receive your username, password, and a number that's no longer valid. We also wouldn't have to worry about letting our friends use our computers, as long as we don't give them access to the key. It sound like it might be really hard to implement, but PayPal's offering them to clients for $5 each, so it can't be that hard. (link) Is there any reason why the poker sites shouldn't be working to implement this as soon as possible? |
#2
|
|||
|
|||
Re: Password Security Suggestion--Key Fobs
[ QUOTE ]
(This is not my idea. It was originally posted by shawny boy in this thread about a poster who was hacked.) A key fob is basically a little key chain with a digital display. The display shows a number that changes about every 30 seconds, and in order to log into your account someone would need your screen name, password, and this number. So, a keylogger would no longer do anything because the hacker would only receive your username, password, and a number that's no longer valid. We also wouldn't have to worry about letting our friends use our computers, as long as we don't give them access to the key. It sound like it might be really hard to implement, but PayPal's offering them to clients for $5 each, so it can't be that hard. (link) Is there any reason why the poker sites shouldn't be working to implement this as soon as possible? [/ QUOTE ] There is absolutely no reason. But it really should be something that is widely sold in stores, then registered with whatever accounts you want to protect. There should not be individual ones for every service that wants to be more secure. So you could have you one unit with a unique serial or other address then you can register it with PP, or FTP or paypal, or your bank or whatever |
#3
|
|||
|
|||
Re: Password Security Suggestion--Key Fobs
Agreed... a nice idea would be for the sites to offer them for a certain # of action points, which would effectively make sure that the people who needed them had access to them.
|
#4
|
|||
|
|||
Re: Password Security Suggestion--Key Fobs
My password is FTPisrigged##!
|
#5
|
|||
|
|||
Re: Password Security Suggestion--Key Fobs
[ QUOTE ]
So you could have you one unit with a unique serial or other address then you can register it with PP, or FTP or paypal, or your bank or whatever [/ QUOTE ]If FTP or paypal can derive the fob's sequence from a serial number, so can the bad guys. |
#6
|
|||
|
|||
Re: Password Security Suggestion--Key Fobs
[ QUOTE ]
[ QUOTE ] So you could have you one unit with a unique serial or other address then you can register it with PP, or FTP or paypal, or your bank or whatever [/ QUOTE ]If FTP or paypal can derive the fob's sequence from a serial number, so can the bad guys. [/ QUOTE ] Here is a link to the VeriSign sight, where you can do more research on how secure tokens work and some of the options available. VeriSign Site And here is a link to Wikipedia on secure tokens... Wikipedia Secure Tokens We want the "one time" or "single use" type for poker sites. |
#7
|
|||
|
|||
Re: Password Security Suggestion--Key Fobs
I think this is a very good idea. It should also be optional, though. I think something like this may scare away fish if they are required to use it. But for the security-conscious, having the option to use such a token would sure make me sleep better at night.
|
#8
|
|||
|
|||
Re: Password Security Suggestion--Key Fobs
older thread discussing secure tokens. I'd really like to see Stars and Full Tilt implement them.
|
#9
|
|||
|
|||
Re: Password Security Suggestion--Key Fobs
[ QUOTE ]
I think this is a very good idea. It should also be optional, though. I think something like this may scare away fish if they are required to use it. But for the security-conscious, having the option to use such a token would sure make me sleep better at night. [/ QUOTE ] They do it the same way Ebay/PayPal is doing it. PayPal business customers get one for free, regular users have to pay $5 to get one. The poker sites do the same, when an account reaches $X balance they automatically get the choice of have a free token, if the balance is less than $X then the player can buy one for $5 or for Y number of points. It will take a fairly significant investment on the poker sites part to implement this, but the true value in implementing something this is that a) players when well educated will feel and be much safer and b) any government or regulatory body can see they are serious and accountable, making the industry look better from the outside. I would be VERY VERY surprised if the poker sites do this in the near future. Looking from the outside in, it does not appear that these poker sites actually "own" their IT. What I mean is that they do not seem to have their own people working on all aspects of their infrastructure or they do not have the skill sets themselves. PS seems to have their software inside, but FTP appears to have it contracted out. All seem to rely on the datacenter in Canada for networking and server "hands on" work. |
#10
|
|||
|
|||
Re: Password Security Suggestion--Key Fobs
This is a very good idea.
|
|
|