Hi, love this program and use it for all my data, which is great - I understand the 256 bit encryption is extremely safe - my only concern is that if there was some sort of malware which logged keystrokes / screenshots somehow installed, the hacker would have full access to my identity through memengo. Banks use those PIN sentries, which are great and in my mind solve any problem with security even with this threat. The thing that concerns me is every time I log on to memengo - I enter my full password and encryption key rather than even a selection of letters from the password. Is there some sort of security built in to the site and am I worrying unnecessarily, or is this a valid concern?
Many thanks,
Nick
On: 13 May 2010, 19:58 UTC
It's a valid concern, but we don't offer a key token, that's what the iPhone is for - a secure device in your hands. In addition I can offer these recommendations:
- Secure your PC with antivirus and all other best practices recommended by your computer vendor. Upgrade to the latest version of the OS (Mac Snow Leopard or Windows-7).
- When away from your PC always use the iPhone app instead of someone else's PC.
- Do not use the memengo web site on unfamiliar computers unless you absolutely must. For example, if I lost my wallet and my iPhone in a foreign country I would use the memengo web site to get a credit card number to buy a plane ticket home, but then I would change all of the passwords and keys (and maybe even credit card numbers) when I return home.
- If you must enter a key on a foreign computer, consider copy-pasting letters from the screen instead of typing them to reduce the keylogger threat.
- Create separate wallets in memengo wallet for data of different sensitivity. For example, create one wallet for all your casual forums and web sites which you don't care about and give it an easy to remember key, create one special wallet where you store only one credit card number to be used in an emergency like I described, and also create one other wallet where you store the rest of your stuff and you only use from your trusted home computer.
Hope that helps!
Hi Dennis,
Thank you for the reply, that is very helpful advice. I'm running Win 7 and always update and have done malware checks and everything is fine. I will make sure I only access the site on my own computer as you advised. One thing - would it be possible to add on the site, once logged in, a display of the last log in time and last sync time so any discrepancies would be noticed?
Many thanks
Just had another thought - this might be completely unfeasible - but is there any possibility that the iPhone app could have a key token generator in it to generate one time passwords to access the web site? That would be unbelievable and would make this app/site blow all the others out of the water in terms of security!
Well, if you have an iPhone with you why not use the iPhone app then? It's even safer that way compared to generating a token and then using the web site.
I'll note your other suggestion. Thanks.
Because editing/adding is easier via the web, but I take your point. I will operate this using the iPhone for the most part now.
To sum up my general view on this:
The idea is that you would use a trusted computer (at home) to do the bulk of the editing, a trusted phone when out and about, and an alien computer only when pressed against the wall by extraordinary circumstances. Using an alien computer is generally unsafe, token or no token, and you should always use the phone if at all possible.
I have assumed that you wanted to use a token on an alien computer, but now that I look at your post again it seems that you could have been asking for a different thing - using the token on a home computer to beef up its security. Is this an accurate reading of your proposal?