Betfair security

News, chat and debate about the Betfair betting exchange.
Kai
Posts: 6196
Joined: Tue Jan 20, 2015 12:21 pm

Derek27 wrote:
Mon Jan 20, 2020 1:39 pm
I use LastPass as my password manager. Can't really manage without one now.
I think a lot of people stopped using LastPass after it got hacked back in 2015. They also had some very recent bug or exploit issues that could leak stuff to malicious websites. I don't really know how normal or frequent the bugs are in general for this type of software but LastPass never really filled me with much confidence tbh.
PDC
Posts: 2272
Joined: Sun Jul 24, 2016 5:52 pm

Derek27 wrote:
Mon Jan 20, 2020 1:39 pm
Thanks for the feedback. I've always been put off 2-step because I log in on 3-4 devices but having said that I am logged in all-day so it shouldn't be too much inconvenience - I'll look into it.

I use LastPass as my password manager. Can't really manage without one now.
Once you have done it a few times it just becomes part of the log in process you go through each day on auto and it really is no hassle.

If someone got into your account and took your money I would imagine that would cause an untold amount of hassle and annoyance and leave you wishing why on earth didn't you put 2FA on.

I have never used a password manager but I think I will look at them as more people seem to be using them. My worry, probably daftly, is giving up my passwords to a third party.

I have often seen it said that you are probably safest coming up with complicated passwords and just having them on a sheet of paper at home. But I would not fancy the hassle and worry should my house be broken into and that sheet taken.

It is also really important to ensure you use a different password for each site you use which I know sounds like a hassle but it really isn't if you come up with a system.

This article by Martin Lewis from Money Saving Expert is quite old now and I haven't read it for a while but thought I would share it anyway as I am sure it is still of use to people when creating said system:

https://blog.moneysavingexpert.com/2011 ... mber-them/
weemac
Posts: 1239
Joined: Mon Sep 16, 2013 8:16 pm

My solution is to have the same 'base' word with various Caps, symbols etc for all sites. Then I simply include a number 1 somewhere in it for my bank password, 2 for Amazon, 3 for paypal, and so on. (These are just examples!! :lol: ) That means I can carry a piece of paper in my wallet with "bank 1, amazon 2, paypal 3, etc." written down, so they're useless to anyone but me, and are easy to change if necessary.

But 2FA is still a must for financially sensitive sites.
Kai
Posts: 6196
Joined: Tue Jan 20, 2015 12:21 pm

PDC wrote:
Mon Jan 20, 2020 2:02 pm
I have never used a password manager but I think I will look at them as more people seem to be using them. My worry, probably daftly, is giving up my passwords to a third party.
People usually have an issue with storing their password online (like LastPass etc), hence the need for local storage of passwords and sensitive information (like KeePass etc). It's practically the digital equivalent of a wall safe, its data cannot simply be copied off your computer as if it were a txt file, in order to open KeePass on your computer you need a locally stored key file along with your master password.

In any case, it's good to have different options to suit people's preferences and needs.
Bog
Posts: 190
Joined: Sat Aug 11, 2018 7:19 am

Kai wrote:
Mon Jan 20, 2020 1:05 pm
PDC wrote:
Mon Jan 20, 2020 12:40 pm
It is really important you keep those backup codes somewhere.
I use KeePass Password Safe for that purpose, it's a free open-source password manager and a good place to keep all the sensitive stuff. My brother who is a highly paid security expert in this industry recommended it so it must be decent at least, it's not very user friendly at first but I'm very happy with it. I usually let KeePass randomly create my passwords with at least 128-Bit key encryption, except the non-important passwords which I let Chrome memorize instead.

I actually don't really know what my Betfair password is, gun to my head I wouldn't be able to say it out loud, but my muscle memory knows it extremely well because it types it in often enough.
I think I will try KeePass if it's that good. I have all my pass in a text file, I know, not a good thing, so maybe it's time for a change. Cheers
Dallas
Posts: 22713
Joined: Sun Aug 09, 2015 10:57 pm
Location: Working From Home

PDC wrote:
Mon Jan 20, 2020 2:02 pm
Derek27 wrote:
Mon Jan 20, 2020 1:39 pm
Thanks for the feedback. I've always been put off 2-step because I log in on 3-4 devices but having said that I am logged in all-day so it shouldn't be too much inconvenience - I'll look into it.

I use LastPass as my password manager. Can't really manage without one now.
Once you have done it a few times it just becomes part of the log in process you go through each day on auto and it really is no hassle.

If someone got into your account and took your money I would imagine that would cause an untold amount of hassle and annoyance and leave you wishing why on earth didn't you put 2FA on.
On busy days I can log in as much as 7-8 instances just to set up all the automation and data capture etc and it can become a bit time consuming but I'd rather do that 25 times a day for years if it saves me from just 1 hack
Derek27
Posts: 23636
Joined: Wed Aug 30, 2017 11:44 am
Location: UK

weemac wrote:
Mon Jan 20, 2020 2:04 pm
My solution is to have the same 'base' word with various Caps, symbols etc for all sites. Then I simply include a number 1 somewhere in it for my bank password, 2 for Amazon, 3 for paypal, and so on. (These are just examples!! :lol: ) That means I can carry a piece of paper in my wallet with "bank 1, amazon 2, paypal 3, etc." written down, so they're useless to anyone but me, and are easy to change if necessary.

But 2FA is still a must for financially sensitive sites.
I used to use that method, same password with two or three additional characters to identify the site. It's not really secure having the same 'base' password and another issue is no base password will satisfy the criteria of all sites, so I'd often have to chuck in a hyphen or change the base password and then forget it!
ShaunWhite
Posts: 9731
Joined: Sat Sep 03, 2016 3:42 am

Kai wrote:
Mon Jan 20, 2020 1:05 pm
I use KeePass Password Safe for that purpose,
All my login IDs, passwords and backup codes are in the folder with my Will. Ditto a brief operational guide so people know what apps to stop or which VPS company to keep paying if it's still making a profit. :) That should be better than 3 grand from 'Without-this-policy-your-kids-will-bury-you-in-a-binbag.com'
jamesg46
Posts: 3769
Joined: Sat Jul 30, 2016 1:05 pm

PDC wrote:
Mon Jan 20, 2020 12:40 pm
It is really important you keep those backup codes somewhere. My Google Authentication app went out of sync for some reason. It is a known issue with the app. No matter what you do you will not be able to get it back in sync and without the back up codes you are locked out.

Thankfully I had the back up codes saved and was able to get back into my account. Turn off 2 step and then set it up all over again.

Betfair probably would have been able to get me back into my account eventually I guess but I wouldn't like to think how many hoops you would have to jump through, quite rightly before they got you back in. Perhaps they wouldn't be able to.

So again, if you haven't got those back up codes saved somewhere do it now as the app could go wrong at anytime and this applies to all sites you use 2FA!
I didn't know about this so I've just gone through the process, thanks for pointing it out!
PDC
Posts: 2272
Joined: Sun Jul 24, 2016 5:52 pm

jamesg46 wrote:
Mon Jan 20, 2020 4:22 pm
I didn't know about this so I've just gone through the process, thanks for pointing it out!
No worries, I was very worried when it happened to me as nothing seemed wrong on the surface. I was using my password and Google 2FA app as I had hundreds of times before. But no matter how carefully I typed it all in it kept saying the password I was entering was wrong.

Eventually my account got locked due to too many failed attempts.

I started to think someone had hacked my account and changed the password as I was 100% sure I was entering the password right and the codes were showing as normal on the app.

I got Betfair to unlock the account but still it wouldn't work and again I was locked out.

It took a long time to get Betfair to unlock it as not surprisingly it was starting to look rather suspicious.

Eventually I just happened to search for 2FA code not working and discovered this bug and that I should use the back up codes which would still be valid. Then to turn off 2FA, uninstall the app and reinstall it and get a new batch of back up codes.

There was nothing to indicate on the surface of it that the 2FA was out of sync and I had only been in my account a few hours before.

Had I not had the codes backed up I don't know how I could have got in as I don't know if Betfair have an override of the 2FA, perhaps they don't?
Kai
Posts: 6196
Joined: Tue Jan 20, 2015 12:21 pm

Google Authenticator has many alternatives for both Android and iOS, if someone is having issues with it. I used FreeOTP in the past, it worked flawlessly when I couldn't get Google Authenticator to work properly on my first smartphone.
jamesg46
Posts: 3769
Joined: Sat Jul 30, 2016 1:05 pm

I've wondered how it all works when you upgrade your phone but never got past wondering. I'm that sort of person that goes by "I'll cross that bridge when I come to it" I really need to break that habit & this thread just goes to highlight to me once again why.
PDC
Posts: 2272
Joined: Sun Jul 24, 2016 5:52 pm

jamesg46 wrote:
Mon Jan 20, 2020 5:12 pm
I've wondered how it all works when you upgrade your phone but never got past wondering.
Also what happens if your phone is stolen is something to think about as you would now not have access to the app.

This is a good video from a very good YouTube channel that gives some background info to 2FA and how it works, worth a 5 minute watch:

https://www.youtube.com/watch?v=D6fRdCF9jyQ
jimibt
Posts: 3665
Joined: Mon Nov 30, 2015 6:42 pm
Location: Narnia

this thread should be amended (Derek) in the OP to take into account all the comments that add up to best practice and then made into a sticky!!
spock
Posts: 37
Joined: Fri Feb 17, 2017 9:16 pm

jimibt wrote:
Mon Jan 20, 2020 5:29 pm
this thread should be amended (Derek) in the OP to take into account all the comments that add up to best practice and then made into a sticky!!
+1