topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 4:33 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: simple & easy way to exchange sensitive information?  (Read 9947 times)

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
simple & easy way to exchange sensitive information?
« on: January 08, 2009, 05:41 AM »
A simple question, which is hard to answer:
I'd like to send some private information such as a password or my card details for example to a friend (not a power user), what is the easiest way to do this?

So far the easiest solution seems to be using logmein to securely login to their pc and type it there. Problem with this is setting up the account , complete pc access and unsecured at their end. (in my case only the third option is an issue). they don't have to know any password.

What EASY & SIMPLE (and relatively secure) method would you use?
* anything method using a password would mean they need to be told the password as well somehow, so please take this into account.
* no encryption keys are setup
* existing tools are preferred for simplicity.
« Last Edit: January 08, 2009, 05:46 AM by justice »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #1 on: January 08, 2009, 06:00 AM »
Do you have a "secondary channel" that is relatively secure? Ie, could you send the person an email with encoded content, and call them on the phone/send an SMS to give them a passphrase for this encoded content? In that case, fSekrit would probably suffice - although there's the problem of some email providers blocking .exe attachments.

Sorry for the self-promotion, but it was the first thing that sprung to mind :)
- carpe noctem

Dormouse

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,952
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #2 on: January 08, 2009, 06:39 AM »
The problem with anything they open on their computer is where that info might be saved or recorded. You'd want them not to have a clipboard (if they might copy and paste some content) or to autosave it anywhere. Obviously, fSekrit is designed to do this. An alternative, depending on the data, might be a vault or a password manager program such as Keepass which they could load on their machine and you could send them the database. Password by phone will be more secure (though might need a few tries if they make an error) since nothing will be recorded.

In a situation like this there is a tension between strong passwords and being easily remembered by someone who did not invent it. Possibly a passphrase with punctuation would work best.

It all depends on exactly how secure you need it to be and what you think the realistic sources of risk are.

Sending card details to a friend is a real risk if something goes wrong because any losses may not be covered by the card company if they think that doing that was imprudent.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #3 on: January 08, 2009, 06:51 AM »
Sending card details to a friend is a real risk if something goes wrong because any losses may not be covered by the card company if they think that doing that was imprudent.
didn't think at all about that. good point.

Dormouse

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,952
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #4 on: January 08, 2009, 01:27 PM »
I was thinking more about this & thought that it might be useful if the program had a once-only or list of passwords that it cycled through. That would mean that the password could be given to someone to access the information, but that it would not work on a second occasion. Doesn't really matter then if the friend records it as it would no longer work, so long as they did use it immediately.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #5 on: January 08, 2009, 01:32 PM »
I was thinking more about this & thought that it might be useful if the program had a once-only or list of passwords that it cycled through. That would mean that the password could be given to someone to access the information, but that it would not work on a second occasion. Doesn't really matter then if the friend records it as it would no longer work, so long as they did use it immediately.
You can't do that reliably.

The closest would be some cryptographic function that transforms the current date and combines with a passphrase, but that would be slightly clunky, and could be defeated simply by setting the PC's clock back.
- carpe noctem

Dormouse

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,952
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #6 on: January 08, 2009, 01:48 PM »
For a once only use, I thought it would be possible to have an openable/unopenable switch. Once it has been opened it records the fact and can't ever be opened again.

For a cycle, there would be say 10 pre-programmed passwords. Once each one had been used, the program would need the next to open. At the end of the 10 it could either terminate (like once only) or switch back to the first.

cranioscopical

  • Friend of the Site
  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 4,776
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #7 on: January 08, 2009, 01:49 PM »
Re fSekrit
Sorry for the self-promotion, but it was the first thing that sprung to mind

My first thought, too.  I find it extremely useful.

FWIW I'd never want to be in the situation where any issuer could prove that I'd voluntarily handed out my card details.  
I'd try my utmost to find another way round what justice wants to achieve.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #8 on: January 08, 2009, 04:08 PM »
I just went home after work instead which solves my original issue ;-) but I still think it will be an issue for many people that it's not easy and simple enough to have a secure exchange of information online.

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,989
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #9 on: January 08, 2009, 08:31 PM »
I think something like Lastpass would be among the easiest but also secure ways to share sensitive data that can be written on a note but at the same time, it's also dependent on how much you trust an online password service and not many do.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #10 on: January 09, 2009, 01:33 AM »
Two suggestions:

  •   Hide it in plain sight. Put a list of passwords in the email and let your friend know in another email or a phone call which is the real one. Not entirely effective "security by obscurity" but it can work.
  • Set up a cipher and encode the message before sending it. Then send your code word to your friend another way. Use a standard Vigenere Cipher.
Jim

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #11 on: January 09, 2009, 01:38 AM »
If you want them to be able to use your credit card, add them as an authorized user and the credit card company will send you a card just for them, with their name on it. But you will be responsible for any and all activity on the card, and the bill.

nogojoe

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 169
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #12 on: January 09, 2009, 02:09 AM »
For a once only use, I thought it would be possible to have an openable/unopenable switch. Once it has been opened it records the fact and can't ever be opened again.

For a cycle, there would be say 10 pre-programmed passwords. Once each one had been used, the program would need the next to open. At the end of the 10 it could either terminate (like once only) or switch back to the first.

Why not set up a free Fastmail email address setup

with fastmail you can setup 100 onetime use login passwords along with your master password.

just email your data which you want the other person to have into that fastmail and give him one of the onetime use to access that account.

all the other person has to do is login ,access the data and logout you can stop the other person from from doing anything from within the fastmail account ( being an additional account set up just for this you wouldn't have much to access .

Next time you need to send more info just give them another of the 100 passwords.

Onced logged out the password is finished
nogojoe

Often the most convincing people are those who have lost the plot so much they don't recognize the difference between fact and fantasy

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #13 on: January 09, 2009, 03:14 AM »
If you want them to be able to use your credit card, add them as an authorized user and the credit card company will send you a card just for them, with their name on it. But you will be responsible for any and all activity on the card, and the bill.
no this not about using it, but good suggestion thanks.

Dormouse

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,952
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #14 on: January 09, 2009, 03:23 AM »
Why not set up a free Fastmail email address setup

For me, I simply wouldn't trust the security of unencrypted email.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: simple & easy way to exchange sensitive information?
« Reply #15 on: January 09, 2009, 03:44 AM »
breaking it up seems good enough to me - part per phone, part per text, part per email

who's going to get all that except the - whatstheword - the person you're sending it to?
Tom