Originally Posted by Phantom
I hope Thrae does not mind I comment on this thread.
|
I'm always up for discussion, especially on topics I do not consider myself an expert on.
YOU MUST keep a backup of all your passwords.
|
Yes, this was said in step #15. Yes, it's extremely important. Good for making an extra note of that. I did mention having extra USB flash drives.
In my case I have gone with the flash drive always plugged in and online synchronization to Roboform Online.
|
Online hosted backups are a good idea. I was going to write about them but felt it was a little off-topic. There's a really neat cross-platform solution called CrashPlan that I use with my friends. It's 128-bit encryption with the free, Java-based client. Backing up to their server is only $3.75/month (3-year contract) for up to 4TB volumes at a time (at like 500KB/s at most, so it'll still a while).
The only thing I do not agree about this statement is the fact the code is not valid after its been used. The code also is only valid for 30-45 seconds. So at this time a keylogger cannot harvest his information in enough time to make use of it. Even if they did they wouldn't be able to remove it fast enough.
|
Yes, the token method is good in practice but not in theory. In theory, a WoW-specific keylogger could grab the key, send it off to a nearby botted computer with low latency, and change key information in your account before the key changes. It's impracticable, but theoretically possible.