Not really sure about this hacking thing, but if they do hack into your account, won't they have your card details?
Another thought about passwords.
There are some websites - but not very many - where I really care about protecting my password. Banks, email, cloud storage, ... but not many. And then there are a whole load where I really don't care very much. For example I've just bought a case for my mobile phone, from a website I'll probably never use again. Why do I care about keeping that secure? If my account is hacked, what are the bad guys going to do - buy me another mobile phone case? So why don't I just use a password like '123456'? It's easy to remember, and if it's cracked it offers absolutely zero clues as to what my other passwords (the ones that I do care about) are.
Could that be part of the reason why passwords such as '123456' and 'password' are so common? Not because people are stupid, but because they're being forced to create passwords for websites which they really don't care about one way or the other?
TBH I'm not sure, I don't log out, I suspect that it might be a "wait 15 minutes" thing though.
Do you get locked out of here if you enter the wrong password too many times?
No.
Not really sure about this hacking thing, but if they do hack into your account, won't they have your card details?
It's not the sensible businessmen like yourself who are the problem but the people who don't think as you do and will store sensitive details inappropriately. I've actually seen examples of financial data stored in plain text documents helpfully named by customer and postcode! That's why there's still a lot more education required on both sides of the link.
So onerous that in my business we don't allow the sensitive card details (which are basically the full card number and the CVV code) anywhere near our website. When somebody needs to pay, we hand them over to the payment gateway website to conduct the transaction, and then back to our website once the transaction is completed.
Thanks, very informative
No.
I mean, sure, if they hack into my bank account, then they'll have everything. But that one's very secure. If they hack into my account on the website that sells mobile phone cases, they'll get my name, email address, home address, mobile phone number - all of which are readily available elsewhere - and my order history on that website.
When you type your credit or debit card details into a website, they are generally not saved. If you weren't aware of it, the rules for handling card details online - the Payment Card Industry Data Security Standards (PCI DSS) - are very onerous indeed. So onerous that in my business we don't allow the sensitive card details (which are basically the full card number and the CVV code) anywhere near our website. When somebody needs to pay, we hand them over to the payment gateway website to conduct the transaction, and then back to our website once the transaction is completed. That way we only need to comply with a restricted version of PCI DSS rather than the full blown version. Some websites operate at a higher level of PCI DSS by hosting the payment page themselves, and some operate at a still higher level of PCI DSS by offering to store your card details to facilitate future purchases. But that doesn't happen without explicitly asking you whether you want to do that.
Not really but you can be sure that once it's gone through half a dozen committees and been both gold and platinum plated it will be. I've designed and/or coded various applications in banks and with the databases all the big banks have already it's not that hard. The problem lies in getting the agreements in place to implement things. "Security" and latterly "Data Protection" are always trotted out as excuses for complexity but as many can attest: "security" is not necessarily used in a way most customers would expect.
I'm sure the software infrastructure required to put that in place would be pretty expensive.
That is the whole point, it is two factor authentication. Anyone trying to get into your account has to have both your phone and your computer. Putting the app on your computer would mean anyone who hacked or stole your computer would have access to the account.
which would eliminate having to use a separate device (my phone)
I'm confused, what exactly is a credential? Personal data about you? Or maybe some form of password?
A new technology is coming that eliminates usernames and passwords completely. Once you have registered with a website, you'll receive a credential from them. When you return, all you need to do is present that credential back again confirming "it's me".
Absolutely nothing Chris.
what could possibly go wrong with having one private company having access to all your accounts
Which sums up the whole security problem neatly. People don't want the hassle of conforming to good security then blame everyone but themselves when the bad guys take advantage.
That is the whole point, it is two factor authentication. Anyone trying to get into your account has to have both your phone and your computer. Putting the app on your computer would mean anyone who hacked or stole your computer would have access to the account.
TBH I would probably trust the Chinese government to keep my details secure far more than some profit driven American company
What was that about Huawei again?
I'm just wondering what Alexa would have to say about that
TBH I would probably trust the Chinese government to keep my details secure far more than some profit driven American company
We'll never know, it'll be locked down under an NDA.
I'm just wondering what Alexa would have to say about that
I didn't read it all, I didn't need to, it was pretty obvious where it was going from the outset.
We'll never know, it'll be locked down under an NDA.