Comments on: Q&A with Bruce Schneier offers a good summary of security philosophy http://www.andrewpatrick.ca/security-and-privacy/qa-with-bruce-schneier-offers-a-good-summary-of-security-philosophy Sat, 24 Sep 2011 19:03:30 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Jessica http://www.andrewpatrick.ca/security-and-privacy/qa-with-bruce-schneier-offers-a-good-summary-of-security-philosophy/comment-page-1#comment-3284 Jessica Fri, 14 Dec 2007 05:12:23 +0000 http://www.andrewpatrick.ca//qa-with-bruce-schneier-offers-a-good-summary-of-security-philosophy/#comment-3284 That makes sense. And makes me somewhat less grumpy about the "being ambushed suddenly with the choose a username" factor. And no, I don't think they do see the number. I know when I print statements it only shows the last 4. I think it only shows the last 4 on screen too. Of course you can still use your credit card number to login to check PC Points. That makes sense. And makes me somewhat less grumpy about the “being ambushed suddenly with the choose a username” factor.

And no, I don’t think they do see the number. I know when I print statements it only shows the last 4. I think it only shows the last 4 on screen too.

Of course you can still use your credit card number to login to check PC Points.

]]> By: Andrew http://www.andrewpatrick.ca/security-and-privacy/qa-with-bruce-schneier-offers-a-good-summary-of-security-philosophy/comment-page-1#comment-3247 Andrew Thu, 13 Dec 2007 00:20:24 +0000 http://www.andrewpatrick.ca//qa-with-bruce-schneier-offers-a-good-summary-of-security-philosophy/#comment-3247 Funny you should ask, PC Financial just did this change yesterday for my Mastercard account. Of course, it happened when I was in a hurry and I was ambushed, meaning I was not given a chance to do this at a time when I could come up with a good username. I hope I chose a good one. I did store it in my KeePass password archive. The reason may be to prevent the credit card number from being leaked in a phishing attack or through malware. With a username, the bad guys can't create false credit cards but with the number they can. I will have to look more carefully, but is the credit card number visible once you login using the the new username? It might be cool if the bad guys did not get the card number even if they login to your account. Funny you should ask, PC Financial just did this change yesterday for my Mastercard account. Of course, it happened when I was in a hurry and I was ambushed, meaning I was not given a chance to do this at a time when I could come up with a good username. I hope I chose a good one. I did store it in my KeePass password archive.

The reason may be to prevent the credit card number from being leaked in a phishing attack or through malware. With a username, the bad guys can’t create false credit cards but with the number they can.

I will have to look more carefully, but is the credit card number visible once you login using the the new username? It might be cool if the bad guys did not get the card number even if they login to your account.

]]> By: Jessica http://www.andrewpatrick.ca/security-and-privacy/qa-with-bruce-schneier-offers-a-good-summary-of-security-philosophy/comment-page-1#comment-3243 Jessica Wed, 12 Dec 2007 23:14:07 +0000 http://www.andrewpatrick.ca//qa-with-bruce-schneier-offers-a-good-summary-of-security-philosophy/#comment-3243 Hi Andrew, speaking of security I remember at one point you posting stuff about financial institutions and security. Can you think of any valid reason that would make having one's credit card institution switch from signing in with credit card number + password to userID that you create (like your Myspace or Facebook!) + password? Hi Andrew, speaking of security I remember at one point you posting stuff about financial institutions and security.

Can you think of any valid reason that would make having one’s credit card institution switch from signing in with credit card number + password to userID that you create (like your Myspace or Facebook!) + password?

]]>