![]() ![]() Is Symantec VIP app available on the desktop? I'm assuming no. It's a nice problem to have actually, assets to protect. As new information comes to light I will adjust accordingly. Only the individual can decided what that point on the continuum that is, I've found my point and am satisfied. ![]() Yes, you can't eliminate the risks only reduce them to a tolerable minimum. But I would agree with a point that your posting dances around which is that it is important to follow vendor system use policies.Ī lot of the "personal security engineering" has to do with finding an easy to use, small set of robust solutions for all of the myriad accounts one nay have, each with different authentication methods. There also is the hassle factor, temporary loss of access to assets, and the risk out an outcome not 100% satisfactory. A personal security audit using fresh eyes is a good thing to do periodically, I've found things in my own setup that were real head-splappers. In fact, a good way to approach this would be to assume a blocked/hacked account will happen and work through what you would do in that case. keep at least one extra account at another provider with sufficent funds to carry one through for say six months at a bare minimum. I think one way to stress less is to have a fallback in case an account is inaccessable for any reason, ie. Yes, there always seems to be a new wrinkle tossed into the mix. For example, I thought I was done when I added a pin to my Tmobile account, but then realized that the PIN can still be bypassed. I think the annoying part is that I have to do my own security audit. Even in-person verification isn't, since fraudsters can use fake IDs such as in this case at Verizon: You can try to make the ID verification stronger, but it will never be perfect. In the end an override must always be possible to ensure that the legitimate customer can access what they paid for no matter what, even if that means security is weakened. Which can (and probably often is) forgotten by the customer. The agent would still have to have an option to override this, in case the customer lost the phone including SIM and thus can't receive a code (that's probably the most common legitimate case for switching a line to a new SIM). Is the actual implementation done well? I don't know. The agent would enter what the customer provides as input to the process. For instance, the agent does something to generate the code, but has no visibility to the value. Implemented correctly, a customer service agent would not be able to override it. Formerly Sprint and now T-mobile send an SMS code to the phone number to be ported. I think you do what you can to rest your mind easy and call it day. The complete array of nuts and bolts behind any institutions security apparatus will remain mostly opaque to the end user(us) and that's probably a good thing. What does matter is that you've done enough on your end of "security theater" to satisfy any guarantee of reimbursement in case of fraud, anything above that is for your own peace of mind. Sure, and at the end of the day it probably doesn't matter. For example, it's more typical to get a good answer from a password manager vendor about security. Generally I find that you only get good answer from firms where their product is security-based. Eventually they get send to some security group who also don't want to answer questions about the security or sometimes lack there of. When I ask about voice security and whether it can be hacked using voice synth, their response is "we are really secure". I think these sort of question are hard to get answers from a vendor. I use a burner phone for SMS only, keep VIP on a separate computer from finance computer(which has dedicated 'financial only' email account). When I moved my VIP "device" to a different computer a code(and account #) to my phone was all that was needed, those other "hoops" will remain a mystery. I did the same and the rep said something about "six different hoops" someone would have to jump through but didn't elaborate further. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |