I’m just scared that they’re saved with reversible encryption on the disk, then malware could steal them

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    arrow-up
    25
    ·
    9 months ago

    reversible encryption

    All encryption is reversible, otherwise it wouldn’t be encryption, it would be a hash. If you don’t use a password, it’s easy to reverse the encryption. If you do use a password, the maximum security with a brute force attack is 112 bits, which is pretty weak.

    I recommend using a different password management service (which also handles credit card info), any password manager will be fine. I personally use Bitwarden, which uses 256 bits of encryption. That’s pretty standard across password managers, so you’re better of focusing on making a secure password.

    That said, if you’re only worried about credit card info and not storing passwords in Firefox, you’re probably fine. Credit cards have a ton of protection, so if someone steals your card info, call your bank to dispute the fraudulent transactions and get a new card, it doesn’t cost anything and has little hassle. Debit cards are another story, so I recommend just not using debit cards at all online.

    • WIZARD POPE💫@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      9 months ago

      Prepaid debit cards for the win. You need to buy something online? Open your banking app, transfer the amount to the card, pay. After that the card is empty and cannot be used to pay flr anything until you need it again.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        9 months ago

        That sounds like way more effort than a credit card, especially here in the US where transfers between banks take 2-3 days.

        If you really want to avoid credit, you can lock your debit card and unlock it when you make a purchase. That’s still annoying, but effective. But if you’re responsible, there’s really no reason to avoid credit, and you get rewards on top.

        • SirQuackTheDuck@lemmy.world
          link
          fedilink
          arrow-up
          5
          ·
          9 months ago

          especially here in the US where transfers between banks take 2-3 days.

          *Laughs in SEPA Instant Transfer*

          Anyhow, locking and unlocking is an option. Using “3D Secure” systems - which require a secondary approval via an app or website - works significantly better, and chargebacks are one tap in a banking app (modern apps, so US might again be fucked here).

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            arrow-up
            1
            ·
            9 months ago

            Chargebacks here are a little more complex, and usually not what you want to do since it costs vendors money (read: they may refuse to serve you in the future). Instead, you want to report the transaction as fraud (which is different from a chargeback), and the bank will investigate and work with vendors.

            So usually a quick call (mine took 5 min) and the transactions are put on hold pending the investigation (mine resolved in 2-3 days). A new card is sent immediately, and if you go to a branch, it can be printed immediately.

            Maybe not as smooth as the EU, but still decent. I’ve only had to do that once, each other time the fraud was caught by automated systems before I noticed.

          • setVeryLoud(true);@lemmy.ca
            link
            fedilink
            arrow-up
            2
            ·
            9 months ago

            If it gets stolen (i.e. scam, or breached website), you can’t charge back like with a credit card. That money is still gone, but you do limit your losses compared to using your main debit card.

            • WIZARD POPE💫@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              9 months ago

              Oh yeah that is true. But at least if just your card details are stolen the card is unusable when empty. As I said it’s best to just keep it empty until you actually buy something and you just put on the exact amount you need.

              • setVeryLoud(true);@lemmy.ca
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                9 months ago

                Unrelated, I actually don’t know if prepaid Visa cards have the same protections as real credit cards. Something to look into, perhaps.

                • WIZARD POPE💫@lemmy.world
                  link
                  fedilink
                  arrow-up
                  3
                  ·
                  9 months ago

                  What would those be? I don’t have a xredit card so I have no idea what kind of protections they have? I know the prepaid does not work if the amount on the card is lower than the transaction you are trying to do.

                  • setVeryLoud(true);@lemmy.ca
                    link
                    fedilink
                    arrow-up
                    3
                    ·
                    edit-2
                    9 months ago

                    On credit cards, the most important protection is the ability to charge back fraudulent purchases. You just call your bank, tell them which purchase is fraudulent and you’d like charged back for which reason, they then contact the seller to determine what happened, and if they either don’t play ball or don’t answer, they charge back and rip the money out of the recipient’s accounts.

                    Real credit cards also have other protections, such as mobile device protection, travel insurance (cancellation, sickness, etc.), cash back (paid for by merchant with credit card fees), whatnot.

                    My (Canadian) recommendations if you get a real credit card is:

                    • ALWAYS pay the FULL amount on time
                    • Don’t spend more than 50% of your total credit limit across all your cards. There is nothing wrong with increasing your credit card limit if it doesn’t require a hard credit inquiry. The bank may even do a soft inquiry for you and offer it to you. Just because you increase your limit doesn’t mean you need to increase your spending.
                    • Never spend more than is actually in your debit account, treat it exactly as if it were your money (because it is)
                    • Pay your cards manually as soon as the statement comes out. This gives you a chance to make sure your accounts are in order, there is no fraudulent activity and allows you to transfer money if needed to pay the card in full. Automatic payments usually happen at the end of the 30 day payment period, giving you no chance to react if you have insufficient funds or something goes wrong, leaving you with a mark on your credit record.
                    • Never pull cash from your credit card (called a cash advance), it is never worth it and you’ll pay up the ass in interest. It’s a scam to take advantage of poor people in a tough spot.
                    • Never leave open cards unused. If you have an unused card, put your online subscriptions on it.

                    Credit cards are good for their protections and to build up your credit score, but they have to be used correctly. The bank’s hopes is that you’ll fuck up someday and they can collect some sweet sweet interest from you. It’s predatory at its core, but if you play your cards well, you can end up on top with the cash backs.

                    As for where to get prepaid cards, it depends on where you are, but in Canada, lots of banks offer pre-paid Visa cards, especially useful for teenagers so they can make online purchases without the responsibility of a credit card.

                    I just looked it up, it was actually pretty hard to find. Desjardins and Scotia both discontinued their prepaid cards, but here’s an example of one from CIBC: https://www.cibc.com/en/personal-banking/prepaid/ac-conversion-card.html