I’m just scared that they’re saved with reversible encryption on the disk, then malware could steal them
- viking ( @viking@infosec.pub ) 22•8 months ago
I trust it enough to use the feature, but I’ve got separate cards for online and in-person purchases. The online card is temporarily disabled in my bank app, and I only unblock it when I intend to use it. Takes like 30 seconds extra.
The in-person card is permanently unlocked for NFC and regular store transactions, but region locked to the country where I’m currently at, and transactions over $30 require the PIN.
- Suspiciousbrowsing ( @Suspiciousbrowsing@kbin.social ) 2•8 months ago
Out of curiosity, would it not take less than 30 seconds to type your CC numbers in online each time? I mean the month and ?ccv are easily memorable
- viking ( @viking@infosec.pub ) 1•8 months ago
Yeah sure, but a keylogger could read it at any time then, while cracking the locally saved card is more complex. And locking the card down unless explicitly needed also means that even if my card card does get compromised, it can’t be used of very narrow and random windows, adding a nice layer of security.
- ris ( @ris@feddit.de ) 2•8 months ago
Are you in the EU?
- viking ( @viking@infosec.pub ) 1•8 months ago
I’m an EU citizen and my cards are issued in the EU, but I live in Asia.
- ris ( @ris@feddit.de ) 1•8 months ago
Which Bank? The one I use sucks ( financially and IT-sec wise)
- viking ( @viking@infosec.pub ) 2•8 months ago
DKB, the credit card for online purchases and the debit card for in person stuff. The app allows quite some micromanagement for card permissions.
On top of it I’ve got an account with wise.com where I can generate virtual cards, I do that frequently when traveling abroad to sign up for local taxi apps and other services I’ll never use again, then delete the card once I’m done.
And as an ultimate backup I’ve got an N26 account, just in case someone only accepts MasterCard. I don’t trust them one bit though and only carry a balance of 150 EUR or so on the card and top it up only when it’s exhausted.
- ris ( @ris@feddit.de ) 1•8 months ago
Are you happy with DKB and Wise in all other ways?
- viking ( @viking@infosec.pub ) 2•8 months ago
Yep, been using both of them for ages. DKB for 20 years now, wise for almost 10. Never had a reason to complain, except for DKB as a broker, they are just way too expensive.
- /home/pineapplelover ( @pineapplelover@lemm.ee ) 17•8 months ago
Please don’t save stuff in your browser. It’s very easy to rip those passwords and logins. If you must, keep it in a proper password manager like bitwarden or keepass.
- CommanderCloon ( @CommanderCloon@lemmy.ml ) 2•8 months ago
How about when using a primary password?
- /home/pineapplelover ( @pineapplelover@lemm.ee ) 1•8 months ago
Doesn’t matter, can be bypassed on both firefox and chrome.
- CommanderCloon ( @CommanderCloon@lemmy.ml ) 2•8 months ago
Just checked it, it doesn’t seem to be the case
When you save website passwords, the Primary Password feature encrypts them before storing them on your computer
- /home/pineapplelover ( @pineapplelover@lemm.ee ) 1•8 months ago
Chrome passwords are free for the taking though
- TigrisMorte ( @TigrisMorte@kbin.social ) 15•8 months ago
More likely to be stolen in person at your local coffee shop
- BiggestBulb ( @BiggestBulb@kbin.run ) 14•8 months ago
I don’t even trust Steam, let alone Mozilla. I don’t think I’ve ever had any credit card auto-fill on any browser I’ve ever had
- NotNotMike ( @notnotmike@programming.dev ) 6•8 months ago
I do trust it well enough, but I don’t use it.
For starters, I don’t want it to be too easy to spend money. If I want something, I should want it enough to pull my card out and type the number again.
Second, the auto-fill often doesn’t work perfectly, so you need the card anyway.
Third, there’s the slim chance it could be hacked. So why even take that chance when the only benefit is convenience
- jet ( @jet@hackertalks.com ) English6•8 months ago
With credit cards any fraud is the responsibility of the credit card processor not the individual. So the risk isn’t on your side.
- shortwavesurfer ( @shortwavesurfer@monero.town ) English5•8 months ago
No, i use keepass and coppy/paste like the other commenter
- 12510198 ( @12510198@lemmy.blahaj.zone ) English5•8 months ago
If Firefox can read it from disk without a password, any other program running as your user can read it from disk without a password. But to prevent this you can encrypt your Firefox profile with a password.
- flamingo_pinyata ( @flamingo_pinyata@sopuli.xyz ) 4•8 months ago
I’m also kinda wary of saving cards in the browser. So I created a virtual card with a spending limit for that purpose.
Although there’s more to fear from malware stealing saved passwords. Fraudulent transactions can be reversed, identity theft will do a lot more damage.
- lattrommi ( @lattrommi@lemmy.ml ) 中文4•8 months ago
I simply use my credit card number for my password on every site. it makes it so much easier to remember both. back in the day i would use my social security number. thanks to that simple trick, i never get robocalls or spam and i’ve been removed from most mailing lists because no one will ever issue credit or do business of any kind with me. a hacker stole my identity once and my credit score quadrupled. he even gave my identity back a week later!
You joke but back in the 90s when I first used the internet in the library I had to choose a password for the email. And the requirements were weird. Needs to be an exact length, letters, numbers, and so on. Then I realized my country SSN was a perfect match with the requirements! “Wow that’s perfect, so I gonna use that as a password, nobody gonna guess that” - the naïve boy thought. Of course it was hacked by some other classmate that got the same conclusion and I realized that it wasn’t that perfect and that almost everyone had the same idea due to the strict exact length requirements. (SSN in my country can be easily found again if you know name and DOB)
- banazir ( @banazir@lemmy.ml ) 4•8 months ago
Absolutely not.
- Katzastrophe ( @Katzastrophe@feddit.de ) 4•8 months ago
Your saved passwords are reversible too, just don’t do it. If you really want to, put a password on it, but then why would you even save it at all? The convenience is lost at that point. And if you save it without a password, to decrypt the cc a decryption key has to be saved somewhere, and if it’s not on your pc, it’s saved on a server you don’t own.
- SuperSpaceFan ( @SuperSpaceFan@kbin.melroy.org ) 4•8 months ago
No. I don’t save cc’s on any browser.
- delirious_owl ( @delirious_owl@discuss.online ) 1•8 months ago
Dont save anything* in a browser. Permanent private mode
- PlatinumSf ( @PlatinumSf@pawb.social ) 3•8 months ago
If you’ve got credit card paranoia, Privacy.com has a solution for you. I personally just rely on my credit cards theft/fraud protection programs.
Privacy.com won’t solve this problem. In fact, it’s likely more insecure than saving your information locally.
- Jeena ( @jeena@jemmy.jeena.net ) 3•8 months ago
I put it into my password manager. (KeePassXC with Syncthing to share the database)