Welcome to the Bet Angel Professional Community

[Euler]

So, what do we propose to Betfair?

Automated timeout if lack of activity?
Restricted IP range?
Mandatory password changes?

[Ferru123]

I'd throw everything at them.

But I'd start by asking them for their ideas. If they think they've come up with a solution themselves, they're more likely to adopt it!

When they suggest a restricted IP range, you could say, without a hint of irony, 'Brilliant idea! I never thought of that!'.

Flattery is like sunshine to some people!

Jeff

So, what do we propose to Betfair?

Automated timeout if lack of activity?
Restricted IP range?
Mandatory password changes?

[andyfuller]

Drop down windows from which you select letters which are randomly placed on the list, so it doesn't go:

A
B
C

rather

G
U
Z

Then ask for say 3 random letters from your PW.

[andyfuller]

Can't say I would be a fan of any of Peters ideas. I like to log in and stay logged in on my laptop while trading but rarely touch it until I log out at the end of the day. If I needed to get on quick if say my power failed I may have to waste time logging in again.

Also when I go away I often log in but I wouldn't know the IP address in advance so could end up blocked out. Or if in an emergency you need to do as Peter said on the blog and nip to a coffee shop you may find yourself unable to log in.

Also I have that many different passwords I don't fancy being forced into changing them as I would get myself in a right muddle.

[andyfuller]

One way I believe to avoid key loggers is to use the onscreen keyboard to log in and then you are just pressing the mouse button rather than a specific key on your keyboard.

[Ferru123]

Drop down windows from which you select letters which are randomly placed on the list.

TBH, I think that's a bit OTT.

It would make logging in a ballache (so for commercial reasons, Betfair wouldn't go for it).

I'm not sure having a drop-down menu of characters is a good idea. OK, it will stop keyloggers from finding out particular characters of your password, but anyone who's able to view your screen remotely will be able to see your password. But with characters entered using the keyboard, you could have the characters appear on screen as asterisks.

And if Betfair make it so that 3 failed login attempts results in your account being locked, it won't be possible for a keylogger to try lots of combinations until he gets into your account.

Jeff

[pdupre1961]

I agree with Andy, I prefer the idea of drop downs similar to what I do with my on-line bank account.

[hgodden]

Obviously for people like us this is more important than for the average punter who may only have a few quid in his account. Betfair probably fear making the whole logging in security too tight which may deter your average joe from using the site.

However.... it would be great if they had an option that anyone can add an option to their account whereby to log in it would be far harder..... for instance.... they could ask us 10 security questions when setting the thing up, then when we log in we'd have to answer one of those questions (and in the way that Andy suggested to deter the key strokers)

[Ferru123]

I agree with Andy, I prefer the idea of drop downs similar to what I do with my on-line bank account.

I bet the characters aren't randomly organised when you log into your bank account, though.

I don't want to have to spend 30 seconds searching for particular letters whenever I log in!

With my bank, I'm asked for 3 random characters of my password. Even if a key logger knows those characters, he won't know which part of the password they relate to (unless he's also remotely watching my screen), and he only gets 3 attempts at logging in before my account is locked...

Jeff

[andyfuller]

I'm not sure having a drop-down menu of characters is a good idea. OK, it will stop keyloggers from finding out particular characters of your password, but anyone who's able to view your screen remotely will be able to see your password. But with characters entered using the keyboard, you could have the characters appear on screen as asterisks.

Didn't realise that people could view your screen remotely (bar on things like skype etc) and that it was much of a problem even if they could? First time I have heard of this. Also could they automate this approach, would they not need to watch the screen manually?

Key logging though I have heard of a lot and is easily automated and is a big problem in all things, not just Betfair.

Which is the bigger problem? People watching screens or key logging?