This is done by programs.Īll that is needed is a program which gets intercepts the traffic between the programs, and intercepts the data traffic. The computer recognizes the location of the cursor and the element that is on the screen. I still question can a keylogger detect me selecting that picture when I do it via a drop down and click on the picture and click OK? IIRC that was how it worked. But this is for a safe no external source would send me anything so the 2nd factor would be the same until I change it. Zaplunken wrote:The problem with a unique 2nd factor each time (I believe Google sends this to a phone) is I don't have a phone that can receive a text but I think they can send a voice code. Of course, I wait until I have a few thousand of these The big lesson here is not to click on links in emails. Then the next session, I do the same thing, but when you logoff, I send you the logoff page that I stored earlier, butĪt this point, I have an authenticated session, and you are no longer getting any data back, so I can go ahead and transfer
I "listen in" to see what the bank sends you when you logoff. This way I get to listen in on the conversation. Pass them along, and pass back the answer. You follow your normal login procedure, two factor or not it does not matter, I ask for your credentials, and
I send you a link in an email to my site which looks just like your bank's login. If the authentication on the machine you are logging into is set up correctly, this is one time use, so even if a keyloggerĪ man in the middle attack can still work. So can a keylogger detect the file I select on the login screen as the 2nd part of my "password"? I don't type in the file name of the picture rather I select it from a function like how we select and upload our avatars.įor a second factor, you want something completely separate.Ī keylogger can't can't look to read the token.
#Pwsafe flash drive password
Is that correct? Ex - I experimented once with this and used a photo on my C drive as the 2nd part of logging into the password vault but I didn't use it as I thought it was overkill and what if I lost the picture. So if a keylogger got my master password the jig is up BUT if I was using 2 factor id the key logger can't know that. That is something I have been worried about though I never have had a problem with a keylogger. It is totally random characters, there isn't any rhyme or reason to it.īut I see your point about a keylogger. My real master password is nothing like your example. Once you've done the two-factor authentication for them, they can do anything you can. All they have to do is take over your computer and then wait for you to log in. Unfortunately two-factor is not nearly invincible. The badguys might spy on you typing in your password for later use, or they might copy the passwords from a site that stored them without hashing.
#Pwsafe flash drive cracked
For example, if your password is qwertyuiopasdfghjklzxcvbnm it will be cracked very quickly even though 26 random lowercase letters would indeed be virtually uncrackable.īeyond that, there are other problems other than password cracking that two-factor might help with. Patrick wrote:It is possible that your password could be cracked more easily than indicated on that site. Is 2F identification really worth it for my password safe that is NOT in the cloud but rather on 2 thumb drives not even the C drive? today maybe 20 years from now but for today that's an invincible time frame IMHO. So according to the site the fastest time is a time frame that couldn't possibly be accomplished. (Assuming one hundred trillion guesses per second)ę.38 hundred billion trillion centuries (Assuming one hundred billion guesses per second)ę.38 hundred trillion trillion centuries (Assuming one thousand guesses per second)ę3.83 billion trillion trillion centuries Time Required to Exhaustively Search this Password's Space: Search Space Size (as a power of 10):Ē.95 x 1047 Search Space Length (Characters):Ē4 characters This is what the site says about "my" password. So if my master password was Hj8&2m I put in Na7(9i and my master password is 24 characters in length.
#Pwsafe flash drive crack
So if you use a site like this to determine how long it would take to crack your password do you think you need to use two factor identification with your password safe? I entered a password "like" my master password just changing the letters, numbers and special characters exactly as they are in the real password.
0 kommentar(er)
