I just refinanced again after doing it 5 years ago. The mortgage industry is shockingly one of these. To be frank, I'm not sure how that's possible with all the regulation. How is it not complete insanity to require _that much_ information on someone and _not_ have strict training and liability for managing it?īetween then and now, Firefox Send has come and gone, but fortunately it's open source, so I'll host that if I find myself in a similar situation in the future.Īgreed - there are entire industries that simply have not caught up with secure management of paperwork, PII and financial information. Unfortunately, I have no confidence that they have, did nor will handle all of that information appropriately once they receive it. In the end I hosted them myself and phoned them with a password, then deleted them once I'd seen they'd been accessed. They _really_ struggled to understand why I wouldn't just email them every document they asked for (from birth certificates, marriage certificates, 6 months of financial data, 12 months of pay slips, and a host of other things). I asked if they have a secure mechanism for file uploads and they responded "email is fine". When my wife and I were buying our home, we needed to send our entire lives in paperwork form to the solicitors. I don’t want someone to be able to autofill and get access to all my data. As a general rule, I don’t use Chrome's built-in password manager for anything sensitive because it didn’t require prior authentication to view stored passwords (it may have changed now, but I’m not sure), and the same is true for autofill of my 1Password master password and security key on ANY platform. Sometimes you’re required to enter a password to retrieve/view saved passwords in a web browser, sometimes you aren’t - but it is very rare that the built-in password manager requires authentication for auto-fill. If someone gets access to my unlocked machine and can get into my web browser, they could potentially get into my other password manager to retrieve important information. I don’t have an issue having a master password for one password manager stored inside another I DO think having it in a web browser's built-in password manager is a bad idea, particularly because most browser password managers don’t require authentication to use (unless you’re logging into the browser for the first time).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |