[lug] How do you keep your passwords safe while Paying bills and Day Trading at Work?
Nate Duehr
nate at natetech.com
Mon Oct 6 21:39:30 MDT 2008
Stephen Queen wrote:
> I, myself would not do personal financial transactions on a company
> computer over the company network. That would be showing a lot of
> confidence in your company IT staff that they may not deserve.

More than, say ... a poor telecom worker anywhere along the line? :-)

The network part is simple, all of those transactions are SSL-enabled,
or better be.

The company computer part -- I agree with in general.

They could have screen capture/savers, keystroke loggers, etc... all
with implicit permission of the employee via policy -- "Everything may
be monitored."

Taking that out to the logical end though, since most companies won't
allow "rogue" laptops or other devices on their networks these days...
means you better be packing your own mobile data card and laptop if you
have to make financial transactions during the day for any reason.

And thus... the top question: Just who do you trust?

I think your own machine on someone else's network (telco, company,
hotel next door, whatever) with appropriate encryption is as good as you
might have at home... on "your" network. It's all muxed together
upstream "somewhere".

Your hardware, your encryption technology, is about the best you can do.

How many older stock traders do it on analog cordless phones?

How many stock trades are placed per day on cell phones that anyone can
buy a CDMA or GSM network service monitor -- perfectly legally but then
use it to listen in with -- not legal -- for about $2000 from any test
gear supply house?

Eventually you have to trust someone, even though there's nothing worthy
of trust in any of this, long-term... the math of the encryption is
about as close as you can get to "trustworthy", and it's been shown to
have flaws before...

Nate