Security in memengo - Memengo™ Community and Support

Security in memengo

Forum » Memengo Wallet / General » Security in memengo

Started by:

Nick Riley (guest)
Date: 13 May 2010 19:58
Number of posts: 7

RSS: New posts

Summary:

Some reassurance needed

Unfold All | Fold All | + More Options

Fold

Security in memengo

Nick Riley (guest) 13 May 2010 19:58

Hi, love this program and use it for all my data which is great - i understand the 256 bit encryption is extremely safe - my only concern is that if there was some sort of malware which logged keystrokes / screenshots somehow installed, the hacker would have full access to my identity through memengo. Banks use those pin sentrys which are great and in my mind solves any problem with security even with this threat. The thing that concerns me is every time I log on to memengo - i enter my full password and encryption key rather than even a selection of letters from the password. Is there some sort of security built in to the site and am i worrying unnecessarily or is this a valid concern?
Many thanks,
Nick

Reply | Options

Unfold Security in memengo by

Nick Riley (guest), 13 May 2010 19:58

Fold

Re: Security in memengo

Denis Altudov 13 May 2010 21:43

It's a valid concern, but we don't offer a key token, that's what the iphone is for - a secure device in your hands. In addition I can offer these recommendations:

Secure your pc with antivirus and all other best practices recommended by your computer vendor. Upgrade to latest version of the OS (Mac Snow Leopard or Windows-7).
When away from your PC always use the iPhone app instead of someone else's PC.
Do not use memengo web site on unfamiliar computers unless you absolutely must. For example if I lost my wallet and my iphone in a foreign country I would use memengo web site to get a credit card number to buy a plane ticket home, but then I would change all of the passwords and keys (and maybe even credit card numbers) when I return home.
If you must enter key on a foreign computer consider copy-pasting letters from the screen instead of typing them to reduce the keylogger threat.
Create separate wallets in memengo wallet for data of different sensitivity. For example, create one wallet for all your casual forums and web sites which you don't care about and give it an easy to remember key, create one special wallet where you store only one credit card number to be used in an emergency like I described, and also create one other wallet where you store the rest of your stuff and you only use from your trusted home computer.

Hope that helps!

Reply | Options

Unfold Re: Security in memengo by

Denis Altudov, 13 May 2010 21:43

Fold

Re: Security in memengo

Nick Riley (guest) 15 May 2010 05:23

Hi Dennis,
Thank you for the reply that is very helpful advice. I'm running win 7 and always update and have done malware checks and everything is fine. I will make sure I only access the site on my own computer as you advised. One thing - would it be possible to add on the site once logged in a display of the last log in time and last sync time so any discrepancies would be noticed?
Many thanks

Reply | Options

Unfold Re: Security in memengo by

Nick Riley (guest), 15 May 2010 05:23

Fold

Re: Security in memengo

Nick Riley (guest) 15 May 2010 05:30

Just had another thought - this might be completely unfeasible - but is there any possibility that the iPhone app could have a key token generator in it to generate one time passwords to access the web site? That would be unbelievable and would make this app/site blow all the others out of the water in terms of security!

Reply | Options

Unfold Re: Security in memengo by

Nick Riley (guest), 15 May 2010 05:30

Fold

Re: Security in memengo

Denis Altudov 15 May 2010 15:11

Well, if you have an iPhone with you why not use the iPhone app then? It's even safer that way compared to generating token and then using the web site.
I'll note your other suggestion. Thanks.

Options

Unfold Re: Security in memengo by

Denis Altudov, 15 May 2010 15:11

Fold

Re: Security in memengo

Nick Riley (guest) 25 May 2010 19:00

Because editing/adding is easier via the web but i take your point. I will operate this using the iphone for the most part now

Options

Unfold Re: Security in memengo by

Nick Riley (guest), 25 May 2010 19:00

Fold

Re: Security in memengo

Denis Altudov 25 May 2010 19:41

To sum up my general view on this:

The idea is that you would use a trusted computer (at home) to do bulk of the editing, trusted phone when out and about, and an alien computer only when pressed against the wall by extraordinary circumstances. Using alien computer is generally unsafe, token or no token, and you should always use the phone if at all possible.

I have assumed that you wanted to use token on alien computer, but now that I look at your post again it seems that you could have been asking for a different thing - using the token on a home computer to beef up its security. Is this the accurate reading of your proposal?

Reply | Options

Unfold Re: Security in memengo by

Denis Altudov, 25 May 2010 19:41

New Post