snopes.com  

Go Back   snopes.com > SLC Central > SLC

Reply
 
Thread Tools Display Modes
  #361  
Old 24 September 2018, 07:32 PM
Seaboe Muffinchucker's Avatar
Seaboe Muffinchucker Seaboe Muffinchucker is offline
 
Join Date: 30 June 2005
Location: Seattle, WA
Posts: 18,834
Glasses

Quote:
Originally Posted by GenYus234 View Post
IOW, they don't believe any of what they spew,
IMO, what makes this bad rather than just silly is that they don't care whether what they spew is true or not. They don't care, but their audience wants to believe and therefore does believe, and acts on those beliefs.


FYI, I'm not a very firm believer in the reliability of the press. There's a long history of made up stories, slanted articles and generally non-neutral or ethical behavior.


Seaboe
Reply With Quote
  #362  
Old 24 September 2018, 07:55 PM
Lainie's Avatar
Lainie Lainie is offline
 
Join Date: 29 August 2005
Location: Suburban Columbus, OH
Posts: 74,505
Default

Quote:
Originally Posted by thorny locust View Post
Had you used your snopes password on the chromebook before you lost the password, though?
No, I **just bought** the Chromebook.

Quote:
If so, I withdraw my grumble. If not, I don't see how the chromebook got the password in the first place, unless Google had saved it during the time when you were telling it not to.
The Chromebook didn't "get" anything.

If your concern here is that someone else could have purchased a Chromebook, successfully logged into my Google account on that Chromebook, and then seen my other passwords, yes, that's true -- assuming that this theoretical person had already somehow obtained my Google password. ETA: and usernam

Doesn't seem like a huge security concern to me, but YMMV.

FETA: I never told Chrome to delete passwords it had already saved. I told it to stop saving passwords. That may seem like hair-splitting to you, but it's an important distinction in software.

Last edited by Lainie; 24 September 2018 at 08:02 PM.
Reply With Quote
  #363  
Old 24 September 2018, 08:34 PM
thorny locust's Avatar
thorny locust thorny locust is offline
 
Join Date: 27 April 2007
Location: Upstate NY
Posts: 9,595
Default

Quote:
Originally Posted by Lainie View Post
I never told Chrome to delete passwords it had already saved. I told it to stop saving passwords. That may seem like hair-splitting to you
No, that's a significant distinction; not hairsplitting at all. As long as it was clear in Chrome that telling it to stop saving passwords into your account in the future was different from telling it to delete passwords it had saved into your account in the past, yes, I withdraw the grumble.

Thanks for the explanation!
Reply With Quote
  #364  
Old 24 September 2018, 08:42 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 26,337
Default

My security concern with the whole idea is when you haven't got a new computer or phone, or had to log into Google or anything, but somebody else "obtains" your existing one, and suddenly all the passwords and security measures (except the one on your phone or computer, if set, which may be weak - especially for a phone with the "swipe" feature turned on, where you can quite possibly see the greasy swipe lines by holding it up to the light!).

It makes a mockery of all the other things we used to be told to do, such as "never write down your password, and if you do, never keep it next to your computer!", if - I was going to say, "your computer itself" but it's not even your computer; it's an external corporation which you have no control over and which is storing the information somewhere beyond your control - if that entity effectively not only writes down all the passwords, but types them in for you anyway! I do stay logged into the board, but it's only a local cookie and I could delete it whenever I wanted...

(And that's an irony of the previous lot of EU security regulation; the one that's just been superseded and which concentrated on "cookies"; the cookies weren't the flipping problem! If anything, cookies give you plenty of control over things because they're stored locally and you can delete them - unlike the actual data if it's stored elsewhere, so trying to discourage cookies was counterproductive. The law mentioned "other similar technologies" but a lawyer could easily have got round that by arguing what "similar" meant, I should think. The new laws are supposed to close this loophole by concentrating on the actual data; ironically they seem to have got American companies to finally catch up with the "cookie consent" thing required by the previous laws, but which may not address the issue... the sites that are actually shutting out European users have effectively just admitted that their business models can't survive without collecting stuff that people don't know they've agreed to, and are probably being more honest than the rest!)

Sorry to use your password saga as the basis for a rant, Lainie. I do understand what happened, and that you knew what you had or hadn't agreed to. I was just using other people's confusion as a jumping off point. I also prefer not to have that option switched on...!

(eta) The UK's Data Protection Act, from back in the 1980s, was pretty good on this in the first place. (If you've ever watched Yes Minister, the fictional version of this was one of the few bits of legislation that Jim Hacker ever managed to get passed). It just didn't seem to be in any way enforced until recently. People didn't take it seriously, but did take the EU version seriously. I'm sure it will be the other way around when we come to trade negotiations and product standards, though. Hooray for Brexit, eh?

Last edited by Richard W; 24 September 2018 at 08:47 PM.
Reply With Quote
  #365  
Old 24 September 2018, 09:45 PM
Lainie's Avatar
Lainie Lainie is offline
 
Join Date: 29 August 2005
Location: Suburban Columbus, OH
Posts: 74,505
Default

Obtains my existing what? I mean yeah, if someone steals g-your device while that setting is on **and** you're logged in, that's a risk.

Google does send an alert when there's a log-in from a new device, FWIW.

And no apology needed, I see what you're doing.
Reply With Quote
  #366  
Old 24 September 2018, 10:10 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 26,337
Default

Quote:
Originally Posted by Lainie View Post
Obtains my existing what? I mean yeah, if someone steals g-your device while that setting is on **and** you're logged in, that's a risk.
I meant device, yes. I also meant that in some cases, it's probably quite easy to log in to one's device, at which point all the saved passwords and security information would be readily available.

My current laptop supposedly recognises my fingerprint. Sometimes it doesn't, for example when I've just got out of the bath and it's a bit wrinkly, but on the whole, it does, and so it should be secure. I've not run the reverse test by trying to get anybody else to unlock it with a fingerprint, but I'll take it on trust that it wouldn't work. However, there's still both a password and a PIN backup... I used a decent password (one that I'd not used before and almost forgot myself) but the PIN is not very secure. I should probably remove the PIN option, in fact, but when I was setting it up, it prompted me to add a PIN and so I did. That's the current weakest link on my laptop, and it's not one I had on my last laptop.

My phone also uses a PIN, and that's also weak. It would be stronger if I used a longer number, I suppose... but either way it's not as weak as the swipe option (also based on four digits, so far as I can see) as many people use. I could get into most of my friends' phones just by paying more attention as I sat next to them, and (if they watched me type my PIN) they could do the same to mine. The reason I still prefer typing to swiping is that swiping leaves a visible, physical trail on the screen that typing doesn't.

And these days, once you're in to somebody's phone, you've probably got access to everything else as well. Especially if you're using something like a Chromebook, which is explicitly controlled by Google. But even if you use any sort of cloud-based service such as gmail, Google Drive, Slack or others, and even if you're reasonably aware of this stuff and aren't just clicking "Sign up with Facebook!" on everything.

I've been surprised myself about how much of my personal information has suddenly been available on completely unrelated devices without my intent. I think the most alarming was when, four or five years ago, I decided to check my personal gmail account at work, looked at the email, went back to Chrome (the browser I preferred at the time) and found that it had tried to import all my personal bookmarks from my machine at home into my work browser. I stopped it from doing so - or reversed it, as I think it had already done so before I realised - but the very fact that it had tried to do so was alarming to me. And still is...

(eta) On top of that, half the time I don't even need to log in to my laptop when it activates... if I tell it to sleep, I probably do need to log back in, but if I don't, sometimes it just wakes up again and is already logged in. Maybe I push the button with the right finger to activate the fingerprint analysis, but I'm sure it also sometimes happens just from clicking the mouse. I haven't worked that behaviour out yet, either. And I don't explicitly log out of my laptop, or even tell it to sleep, every time I stop using it for a while.

Last edited by Richard W; 24 September 2018 at 10:18 PM.
Reply With Quote
  #367  
Old 24 September 2018, 10:16 PM
Lainie's Avatar
Lainie Lainie is offline
 
Join Date: 29 August 2005
Location: Suburban Columbus, OH
Posts: 74,505
Default

My Chromebook is never left unattended except at home. My work laptop is occasionally left unattended, but only at work, and I always (virtually) lock it first.
Reply With Quote
  #368  
Old 24 September 2018, 11:03 PM
Richard W's Avatar
Richard W Richard W is offline
 
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 26,337
Default

I'm not working at the moment so the devices I refer to are personal ones. I did always lock my work laptop when away from my desk. Personally I'm more usually concerned about my personal information than with work information, though...!

I don't deliberately leave my phone or laptop unattended either, but given how easy it is to be robbed or burgled (both of which have happened to me in the past) I still sometimes consider what would happen if other people got hold of them even when I do think they're under my control, and it seems to me that a lot of the "helpful" things put in place by Google and so on to make sure that one never needs to type one's passport are actively undermining the point of having passwords and so on in the first place... When using passwords, I tend to try to go for the weaker password for things that don't matter (which is most things that want you to enter a password), and stronger unique ones for the one or two things that do matter. It's harder to do that when everything tries to log you into everything else, and one sometimes has no idea which account it is whose password one even needs!
Reply With Quote
  #369  
Old 24 September 2018, 11:45 PM
ganzfeld's Avatar
ganzfeld ganzfeld is offline
 
Join Date: 05 September 2005
Location: Kyoto, Japan
Posts: 23,657
Frying Pan

Lanie I'm only asking this cause you left me in charge while you were gone but everyone here (except me) was very naughty and are there going to be any punishments?
Reply With Quote
  #370  
Old 25 September 2018, 02:46 PM
Lainie's Avatar
Lainie Lainie is offline
 
Join Date: 29 August 2005
Location: Suburban Columbus, OH
Posts: 74,505
Default

Quote:
Originally Posted by Richard W View Post
I'm not working at the moment so the devices I refer to are personal ones. I did always lock my work laptop when away from my desk. Personally I'm more usually concerned about my personal information than with work information, though...!
I lock my computer to protect my job. :-)* In other areas of my company, employees have access to the personal information of retirement plan participants and other customers, including all the data needed to commit fraud. So my employer takes such things very seriously.

*Although it doesn't seem to have worked, does it?
Reply With Quote
  #371  
Old 25 September 2018, 03:37 PM
Seaboe Muffinchucker's Avatar
Seaboe Muffinchucker Seaboe Muffinchucker is offline
 
Join Date: 30 June 2005
Location: Seattle, WA
Posts: 18,834
Glasses

There is a limit to how paranoid we can successfully be about our devices.

Yes, I write some of my passwords down. Under the old system, when we could choose a password that meant something, and we only had 3 or 4 of them, my memory was sufficient. But this increasingly shrill demand that every password for every account has to be different, has to have characters the hacking programs know you'll use, and has to not be a real word makes it impossible to remember them all.

This is a great article, IMO.

Seaboe
Reply With Quote
  #372  
Old 25 September 2018, 03:54 PM
Kallah's Avatar
Kallah Kallah is offline
 
Join Date: 19 July 2004
Location: Eau Claire, WI
Posts: 2,596
Default

Is it illegal for a doctor to write out a prescription outside of of an office visit, and outside of a previous doctor-patient relationship, for someone they barely know? A friend works around medical professionals (but is not one) and has only bare-bones health insurance, which prevents them from getting much needed care. Even though the medication they need is an inexpensive generic they have been unable to afford the office visit needed to get the prescription filled. Earlier this morning, when they got off work, they texted me saying that one of the doctors they work around took pity on them and wrote the prescription, and they were able to get it filled just fine at a major chain pharmacy on their way home. I'm worried that my friend - not to mention the doctor who likely only has good intentions here - could get in some serious trouble if that prescription ever gets questioned. I'm also worried that without proper testing (such as fasting blood sugar and A1C) the medication might not be a safe dose for them, even if it was the dose they used to take. The only advice I had at the time was for them to be very careful in the first days they started taking the medication again, as blood sugar isn't something to mess around with.
Reply With Quote
  #373  
Old 25 September 2018, 04:23 PM
Sue's Avatar
Sue Sue is offline
 
Join Date: 26 December 2011
Location: Ontario, Canada
Posts: 9,210
Default

It's probably different in the US but here in Canada a doctor can prescribe for a non-patient under certain specific circumstances. Because this is Canada one of those circumstances likely would not be because the person in need cannot afford to get medical care . I don't know if that would be considered an adequate reason should he/she be challenged by someone in the US. Here one reason why a Doctor would be sanctioned for prescribing for a non-patient is because of the idea of prescribing for Internet patients. But mainly that is because one of the things a doctor is expected to do is to actually have met with and examined a non-patient and follow up with them afterwards. Given the doctor in your situation knows the person involved they might be able to argue that they were in a position to assess them and can follow up with them if there are complications from the prescription.
Reply With Quote
  #374  
Old 25 September 2018, 04:25 PM
Meka Meka is offline
 
Join Date: 20 December 2006
Location: Buffalo, NY
Posts: 1,145
Default

Does the concept of 7 being a "lucky" number come strictly from dice games, or is it in some way related to the fact that people will disproportionately choose 7 when asked to pick a number between 1 and 10?
Reply With Quote
  #375  
Old 25 September 2018, 04:31 PM
iskinner's Avatar
iskinner iskinner is offline
 
Join Date: 06 May 2011
Location: Sacramento, CA
Posts: 472
Default

Quote:
Originally Posted by Seaboe Muffinchucker View Post
But this increasingly shrill demand that every password for every account has to be different, has to have characters the hacking programs know you'll use, and has to not be a real word makes it impossible to remember them all.
I've recently developed a new password methodology that has helped me with this. I've developed a password seed based on my old standard password that is thirteen characters long and meets all the standard password requirements of upper ,lower, special, and numeric characters. I then salt this base password with a prepended string that identifies that site/service for which I am creating a password. This creates a very long password that, at least at this time, would take a very long time to brute force, but is easily remembered.

I.E. My passwords now look something like "bank-passw0rdSEED" "socialmedia-passw0rdSEED", "randomwebsite-passw0rdSEED", etc.

I have also learned that the habit I got into, when I got my own email mail server some two decades ago, of giving every service and company that requests an email address an address unique to that service has apparently been protecting me from more then just from the junk mail for which I originally started doing this. One of the main things hackers are looking for when they break into some service and steal their user database is email addresses. They can then use these email address at other companies and services to try and access the stolen users accounts. Since I do not use the same email at any two companies this makes it more difficult for anybody to discover my other accounts.
Reply With Quote
  #376  
Old 25 September 2018, 04:35 PM
GenYus234's Avatar
GenYus234 GenYus234 is offline
 
Join Date: 02 August 2005
Location: Mesa, AZ
Posts: 26,373
Default

This summary of prescription requirements by the CDC states that Wisconsin does not explicitly require that a medical professional physically examine a patient before prescribing medication. But it has the disclaimer that such a requirement may be included in a law requiring adherence to standard medical practices. If nothing else though, the doctor could get into trouble because Med 17.05 (1) (b) requires that a record of the prescription must be filed in the patient's record. If your friend doesn't have a patient record, then that part of the law can't be fulfilled.

Note of course that this is for prescriptions that aren't controlled substances.

Also, IANAL/D.
Reply With Quote
  #377  
Old 25 September 2018, 05:52 PM
erwins's Avatar
erwins erwins is offline
 
Join Date: 04 April 2006
Location: Portland, OR
Posts: 12,232
Default

Iskinner, you might want to read that article Seaboe linked. You don't need to worry so much about brute force attacks as you do about dictionary based attacks, which are informed by password frequency. It's extremely common for a user's password to contain or be based on the name of the site or service. So that part of your password is going to be very guessable, even if it is long.
Reply With Quote
  #378  
Old 25 September 2018, 07:58 PM
Hans Off's Avatar
Hans Off Hans Off is offline
 
Join Date: 14 May 2004
Location: West Sussex, UK
Posts: 4,615
Default

Some useful info on password strength...

Correct Battery Horse Staple Method ALthough the article linked above says it’s “Not correct” The mathematics is sound if you have to remember passwords.

Also check out https://haveibeenpwned.com/ to see if your email has been present on any sites that have knwon to have been hacked.

As well as https://haveibeenpwned.com/Passwords to see if any passwords that you like to use have been compromised.

It’s also worthwhile using a password vault for generating and storing credentials so you don’t even have to know the passwords for the site you are using, just a single password for the vault. (This is something I have not done myself yet, but as I’m currently working in Cyber Security I really ought to step up my game!

The key message is vault passwords where possible and activate some sort of multi factor authentication if available (SMS/fingerprint, biometric recognition e.g. face or bloodflow)
Reply With Quote
  #379  
Old 25 September 2018, 08:06 PM
Alarm's Avatar
Alarm Alarm is offline
 
Join Date: 26 May 2011
Location: Nepean, ON
Posts: 5,762
Teacher

Quote:
Originally Posted by Meka View Post
Does the concept of 7 being a "lucky" number come strictly from dice games, or is it in some way related to the fact that people will disproportionately choose 7 when asked to pick a number between 1 and 10?
I think there is also an element of it being a biblical number, tied into it...
7 days of creations, 7 heavens, 7 deadly sins, etc...
Pythagoreans called 7 the perfect number because it is 3 and 4, the triangle and the square.

Ymmv...
Reply With Quote
  #380  
Old 25 September 2018, 09:36 PM
GenYus234's Avatar
GenYus234 GenYus234 is offline
 
Join Date: 02 August 2005
Location: Mesa, AZ
Posts: 26,373
Default

Quote:
Originally Posted by Alarm View Post
7 days of creations, 7 heavens, 7 deadly sins, etc...
Isn't that a chicken... egg thing? Is 7 used so much in the Bible because it was considered a special number or is it considered a special number because it was used in the Bible so much?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Stupid questions MisterGrey SLC 1002 05 October 2014 07:25 AM
Stupid questions Sue SLC 1062 25 June 2014 06:59 PM
Stupid questions Mr. Billion SLC 1034 15 April 2014 12:20 AM
Stupid questions Mouse SLC 1088 12 February 2014 10:21 PM
Stupid pet questions CenTex Wild Kingdom 46 11 June 2013 03:01 PM


All times are GMT. The time now is 01:40 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.