PDA

View Full Version : Norton Identity Safe



Moses Yoder
07-13-2014, 6:01 AM
Okay, thanks to the password thread I did a search and found Norton Identity Safe. I am just starting out generating passwords and using them. I am the guy that only had one password for everything, my email got hacked in India (I should think they were bored to death). At the time I was not banking online and did not have PayPal linked to my bank account, now I do. So is Norton Identity Safe and the Norton password generator good enough for an average Joe or is it really necessary to spend money on something that isn't free?

Dan Hintz
07-13-2014, 7:37 AM
Why anyone would spend money on a password generator is beyond me... create a random string in your head and write it down for safe keeping.

John Huds0n
07-13-2014, 8:43 AM
Take a look at "LastPass" (which is free by the way)

https://lastpass.com/misc_download2.php


some reviews of password managers:
http://www.pcmag.com/article2/0,2817,2407168,00.asp

Myk Rian
07-13-2014, 8:44 AM
I agree with Dan. Make up your own passwords.
I have never linked my bank account to PayPal. My C C is enough for their records.

Moses Yoder
07-13-2014, 9:00 AM
Why anyone would spend money on a password generator is beyond me... create a random string in your head and write it down for safe keeping.

According to your posts in the thread on passwords that wouldn't work. You need an air gap around your electronics and need to design a new house built as a faraday cage. For those of us who don't know anything about computers that sounds really ridiculous and at the same time a little scary. The advantage of the Norton Security safe (a free download) is that it generates a completely random password for each application. This would not be true if you made one up in your head; the passwords would all be based on your preferences and characteristics. Plus, with the Security safe I can copy the password for each site and paste it in. I think if I figure out how it will even enter the user name and password for me. The only password I have to make up and write down will be the one for the safe. I find it extremely difficult to enter a string of 12 or 15 random characters from a piece of paper into the computer.

Scott Shepherd
07-13-2014, 9:24 AM
According to your posts in the thread on passwords that wouldn't work. You need an air gap around your electronics and need to design a new house built as a faraday cage.

In fairness, I don't think Dan ever told anyone to create and air gap or use a faraday cage. Someone had said the only way to keep things safe was to unplug from the internet, and he replied you were still at risk if you did that, to the right people. I asked about the faraday cage, just as curiosity, and he replied that it would help, but not stop it. There was never mention that anyone should use either of those things to maintain security.

I don't think it's as hard as you are making it. Pick something in your life that has meaning, maybe your first family pet's name. Then just add one number and one character to it. Like "Muffin5$". If you have to change it, change it to "Muffin6$", "Muffin7$", "Muffin8$". Or make it "5$Muffin5$". Doing that, you'll be pretty darn safe.

My Apple products have the password generator built in, they'll generate some crazy scheme of passwords, save it across tablets, phones, desktops, and laptops, but if you ever use someone else's computer to log into something, you won't know what it is. Most of the time, since I let it generate them, I have no idea what my passwords are, nor do I need to know. If I forget it, or can't log in, I hit the "forgot password" button and create a new one.

Raymond Fries
07-13-2014, 10:24 AM
Moses - I believe that any application that creates passwords that are strong is adequate. I am not familiar with the Norton application but would guess that it creates strong passwords.

Strong passwords use a series of numbers, letters, and or symbols. A mix is required and sometimes a capital letter is required.

I used to work in an IT position for a large corporation and our passwords were strong and needed to be a minimum eight characters long.

If you really want to be safer, change them sometimes. We had to change our login passwords every 30 days.

Dan Hintz
07-13-2014, 10:25 AM
According to your posts in the thread on passwords that wouldn't work. You need an air gap around your electronics and need to design a new house built as a faraday cage. For those of us who don't know anything about computers that sounds really ridiculous and at the same time a little scary. The advantage of the Norton Security safe (a free download) is that it generates a completely random password for each application. This would not be true if you made one up in your head; the passwords would all be based on your preferences and characteristics. Plus, with the Security safe I can copy the password for each site and paste it in. I think if I figure out how it will even enter the user name and password for me. The only password I have to make up and write down will be the one for the safe. I find it extremely difficult to enter a string of 12 or 15 random characters from a piece of paper into the computer.

You're making things harder on yourself than necessary. If you want truly random (what was originally asked for), write down letters, numbers, and symbols from the keyboard on scraps of paper and put them into a fishbowl. Keep picking scraps of paper (and putting them back in the bowl after each pick) until your password is as long as you deem safe.

If you want something that's more easily remembered, do the same as above for only a few characters in the password, and make the rest a word/phrase that has meaning to you but not anyone outside of your immediate circle. Steve's "Muffin" option, for example.

Dave Sheldrake
07-13-2014, 10:29 AM
is that it generates a completely random password for each application

Sadly Moses it doesn't, a windows based PC has not had the ability to generate a truely random output for many years.

Imagine having 15 bank vaults with 15 different locks and 15 different passwords. It's going to be very hard for the thief to get through all 15 layers of security. Good news for them is, they don't have to...they just need to get through one....the code that lets them into the safe that stores the passwords.....

Was me that mentioned nothing online is safe Scotty :) and it remains true...

The determined and resourceful attacker can get through just about anything...the only consideration is will the result justify the time, if they are going to steal $200 from your paypal, they won't bother, if there was $200,000,000 in paypal that attracts people with better resources.

In effect if it exists...it can be stolen...the question is will those with the resources want to?

cheers

dave

Dan Hintz
07-13-2014, 10:29 AM
Moses - I believe that any application that creates passwords using strong encryption is adequate. I am not familiar with the Norton application but would guess that it uses strong encryption.

Strong encryption uses a series of numbers, letters, and or symbols. A mix is required and sometimes a capital letter is required.

I used to work in an IT position for a large corporation and our passwords used strong encryption and only needed to be eight characters long.

You're confusing two totally different things. Encryption has zero to do with how a user-viewable password is generated or how easy it is to guess such a password via brute-force methods. I would only suggest 8-character passwords for sites such as forums (like this), junk email accounts, etc.

Raymond Fries
07-13-2014, 10:37 AM
Well maybe I had a bad term told to me. I will edit my post. Thanks



Moses - I believe that any application that creates passwords using strong encryption is adequate. I am not familiar with the Norton application but would guess that it uses strong encryption.

Strong encryption uses a series of numbers, letters, and or symbols. A mix is required and sometimes a capital letter is required.

I used to work in an IT position for a large corporation and our passwords used strong encryption and only needed to be eight characters long.

If you really want to be safer, change them sometimes. We had to change our login passwords every 30 days.

Chuck Wintle
07-13-2014, 11:30 AM
Why anyone would spend money on a password generator is beyond me... create a random string in your head and write it down for safe keeping.
i agree with dan...just pick some letters, numbers and symbols at random and write it down in a little book. do not waste money on a program...can you be sure this program is legit and not sending info back to the collective? :D:eek:

Jessica Pierce-LaRose
07-13-2014, 11:53 AM
I don't think it's as hard as you are making it. Pick something in your life that has meaning, maybe your first family pet's name. Then just add one number and one character to it. Like "Muffin5$". If you have to change it, change it to "Muffin6$", "Muffin7$", "Muffin8$". Or make it "5$Muffin5$". Doing that, you'll be pretty darn safe.


Those types of passwords are going to be fairly quickly cracked by anyone using tables. Some of the Ars Technica articles I've linked in the past threads (like this one (http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/)) discuss this a bit.

Again, this is not really an issue for things like forum accounts, etc. - provided you aren't using the same password for your email account, or banking accounts, or other accounts. Honestly, the major hacking to be concerned about as an individual is via shoddy security on the sites end, not yours. If some forum has lax security, because they don't think there's anything of value there (and their probably isn't) but a hacker is able to get ahold of all the password information for that site, a large number of those people are apt to have the same password for their email accounts. From there, they've got a good snapshot of info on you, and a chance at getting into banking or something else. More likely, they'll be using those password/username combos at other places, trying to get to somewhere (an iffy online retailer, etc.) that has your credit card info saved. That's usually the final target, in my understanding, for these types of hacks - getting credit card numbers, which are sold in bulk numbers to other crooks. If you're not a high-profile target, (you have access to gov't or corporate secrets, you're a diplomat, etc.) just a schmoe, the two things that nefarious folks are probably looking to do is get your credit card number, or make your computer part of a bot-net.

At the end of the day, your credit card issuer should protect you from all fraud, (i.e., you won't be liable) assuming you report it if you catch it before they do. I only use credit cards, not debit cards online, because being without my credit card while things sort themselves out might suck, but having my actual money tied up for any period of time would be a hassle.

Again, using two-factor authentication on websites you care about (banking and email, and anything that stores your credit card) goes a long way. Simple passwords for things that don't have sensitive info (like SMC) provided they aren't the same as other places is probably fine. Using different email addresses for things that involve money and everything else is a good idea.


Ars also has a good article on getting started with password managers:
http://arstechnica.com/information-technology/2013/06/the-secret-to-online-safety-lies-random-characters-and-a-password-manager/

But even Bruce Schneier says (https://www.schneier.com/blog/archives/2005/06/write_down_your.html) writing down your passwords is a find idea. The only trick here is to continue to use hard to crack passwords where needed.

Scott Shepherd
07-13-2014, 12:25 PM
Joshua, thanks for that link, I guess I missed it completely earlier. That was an astounding thing to read. It's just changed my entire philosophy on passwords.

I was amazed while looking at the screen shots of cracked passwords and how so many of them followed a pattern, a pattern that would surely be easy to figure out.

Looks like the use of my Mac's password manager is about to get stepped up. Different, random password for every single site that requires a password. I'm not sure you can do much more than that.

Moses Yoder
07-13-2014, 3:05 PM
Thank you for lots of good info so far. I normally stay logged in to forums. Does this make it easier to get the password? And the other question, does it really matter if someone hacks my Sawmill Creek password so long as I am not using the same word for everything?

Dan Hintz
07-13-2014, 4:00 PM
I normally stay logged in to forums. Does this make it easier to get the password?
In some cases, yes. Google Heartbleed... not a 100% direct relation, any time you have passwords stored somewhere more readily accessible (particularly RAM), the job of finding something useful increases for those with an interest.

And the other question, does it really matter if someone hacks my Sawmill Creek password so long as I am not using the same word for everything?
Not really... they could post as you, but so what.

Pat Barry
07-13-2014, 4:04 PM
I don't think you can do better than to get Norton security products.

Dan Hintz
07-13-2014, 6:46 PM
I don't think you can do much worse than to get Norton security products.
Fixed that for you, Pat ;)

Harry Hagan
07-14-2014, 11:41 AM
My password generator:



Close eyes
Start keying in random characters as you hands wander over the keyboard
Occasionally depress the "shift" key while keying
Cease keying
Open eyes to see if you've keyed in the requisite variety of characters
Safely record and store an acceptable password because it's unlikely you'll ever be able to recall that unique and random sequence of characters unless you have a photographic memory.

Duane Meadows
07-14-2014, 1:46 PM
I don't think you can do much worse than to get Norton security products.



+1 I don't trust anything Norton any more! ;)

Dave Sheldrake
07-14-2014, 3:10 PM
+2

It's some of the most invasive inefficient bloated string scanning junkware I've ever come across.

Brian Tymchak
07-14-2014, 5:59 PM
Some of the Ars Technica articles I've linked in the past threads (like this one (http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/)) discuss this a bit.


Wow. Great article! thanks for the link!

Pat Barry
07-14-2014, 6:33 PM
+2

It's some of the most invasive inefficient bloated string scanning junkware I've ever come across.
Norton Internet Security (2014) is PC magazine Editors Choice. I guess that is pretty bad. LOL. What do you recommend that's better than what PC magazine is saying?

John Huds0n
07-14-2014, 6:50 PM
Norton Internet Security (2014) is PC magazine Editors Choice. I guess that is pretty bad. LOL. What do you recommend that's better than what PC magazine is saying?


Well, if your looking for an anti virus program, I would read one of the independent reviews:

http://www.av-comparatives.org/

https://www.virusbtn.com/vb100/index

I think Norton has gotten a bad rap over the years - but rightfully so

Scott Shepherd
07-14-2014, 7:01 PM
Norton Internet Security (2014) is PC magazine Editors Choice. I guess that is pretty bad. LOL. What do you recommend that's better than what PC magazine is saying?

Pat, that's a review on it's effectiveness vs. a virus. Most people don't fault Norton or McAfee for their quality, they fault them for how they bloat the system down and embed themselves so deep into your system you can't hardly get rid of them without some special tools.

ESET Nod 32 is one of the best out there, it rates higher than most others and it's not very intrusive into the system. It's highly recommended by geeks, who I trust more than magazine's taking advertising :)

Dan Hintz
07-14-2014, 7:42 PM
Norton Internet Security (2014) is PC magazine Editors Choice. I guess that is pretty bad. LOL. What do you recommend that's better than what PC magazine is saying?

I would not consider PC Magazine to be an authoritative source for AV software efficacy (or much else, these days). Let me see if I can summarize the entire AV world in a few sentences...

No AV software in existence recognizes all of the viruses (even ancient ones!). Each will recognize a subset, the size of which will vary dramatically between packages. Package 'A' will recognize virus #1 and not recognize #2 (both being a year old, so plenty of time to add a definition to their database)... package 'B' will do just the opposite. Package 'C' might recognize mutating viruses, whereas you have to go with package 'D' if you want to have any hope of recognizing rootkits and boot sector viruses. Take a standard package of viruses from across the decade and none of the packages will recognize all of the viruses.

Note I said "recognize", not defend against... all packages, to varying degrees, may be able to recognize a specific virus but not be able to defend against it. Nature of the beast.

Norton is...painful... in terms of what it does to your system usability. If you're content with continually losing 100% of your processor for periods of time, allowing your memory resources get hogged, etc., then install Norton tools.

I use Avast! on my home machines, which offers a decent mix of low system resource capture and virus signatures, with algorithms more tailored to the type of web surfing I do. Although I block most ads from FaceBook, for example, its algorithms have captured a few over the last year or two from friends who have had their pages stolen and virus-laden articles inserted. There are other decent packages out there accessible to the home user.