On 2024-01-15 11:47, o1bigtenor via talk wrote:
On Mon, Jan 15, 2024 at 8:56 AM Alvin Starr via talk <[email protected]> wrote:
On 2024-01-15 07:35, o1bigtenor via talk wrote:
[snip]
[snip]
Was not aware of this. As I'm now on a reasonable IP connection (previously
on fixed point wireless which is garbage imo) I am considering using voip
if not for everything as voip dies when the power does and that's a serious
flaw!
Bell and Rogers are now both offering VOIP based home phone services.
I assume that they have batteries to keep things running in the event of
a power outage but It would be interesting to have someone on list
confirm that.
I remember many years ago working with an ISDN ATA device from Bell that
had NiCad batteries that did not last all that long and had real
degradation problems.
You could fix the power issue with a UPS.
You could likely pay for the UPS in the phone line savings in the first
year.
Multi-factor authentication via SMS is an improvement in security.
It is not the bee all and end all but it is better than just a password.
So I am not sure about your comment about privacy and security.
Hm - - - - it was some time in the first 1/2 of 2012 when a VP at Microsoft
issued the announcement that for those that were logging in off campus
that it would be thenceforth required to use 2FA (as either SMS or email).
It was about 2019 when the federal bureacracy started barking about this
and the banking industry (finding another area to look good and possibly
generate MORE fees) started complying.
What none of these boffins seems to be aware of is that the same individual
in early 2019 sent a similar email to the same recipients that " . . .
due to the
inherent insecurity of both SMS, SMS based and open email systems it would
no longer be possible to use such for authentication." (Notice what he
said - - -
Any chance for a link to that?
I would love to know the inherent insecurity.
the inherent INSECURITY blah blah blah!!!!!!!!) So so many people have
heard of the first instance and it seems that the second has been ignored
by almost all of those that have read the first. (Except Microsoft employees - -
AIUI they are using a USB token/chip/whatever the official name for the
dongle is - - - and that is their reality.)
There are options - - - yes but they cost some money - - - - the feds
just don't
give a rip and the banking industry is loathe to offer such reasonably or
(shock and horror) to offer for free so that a secure system 'could' be
set up - - - so we're stuck with garbage with platitudes for our privacy and
security.
Not sure about all the banks but I know a few will use a phone call that
reads out a number over the phone to be used as a second factor in the
login process.
Bank I'm dealing with - - - doesn't.
That sucks.
I know RBC and Scotia both support call back MFA.
Also not sure about all governments and services but a large chunk of
the Ontario government use call back.
Apologies - - - - the world doesn't really begin - - - nor end - - - in
Ontario. (Even if the banking industry centered in Toronto bends even
our clocks (in the rest of Canada) to suit their 'whatever you want to
call it'!
I don't know what PEI or BC governments are doing so I am not commenting
on them.
I live in Ontario and know a little about that.
If that somehow offends you I am sorry about that.
So far as I know all banks and governments still have phone lines that
are answered and will eventually get you to a person to help you with
your issue.
Have tried that when I was required to authenticate to do a credit card
transaction. The ultimate answer - - - sorry - - - - nothing we can do to
help. (I used a credit card with much higher fees that hasn't jumped on
that band wagon yet - - - their problem!)
Given the reaction here it is quite clear that this PROBLEM really hasn't
hit the radar for most of the tech community in Canuckistan (you know
- - - that 3rd world country north of the USA). (Emphasis because I'm
quite tired of the prissy pussy footing that I've gotten in trying to get
even just the community to understand the magnitude of the issue.
(My bank when implementing this garbage 2FA had ever so many
words about the increase in security and privacy and really didn't want
to talk to me about any of it - - - - because I'm just a dumb knuckle
dragger to them!)
Ok lets leave it there.
--
Alvin Starr || land: (647)478-6285
Netvel Inc. || Cell: (416)806-0133
[email protected] ||
---
Post to this mailing list [email protected]
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
