On Mon, Jan 15, 2024 at 11:48 AM o1bigtenor via talk <talk@gtalug.org> wrote:
> > Multi-factor authentication via SMS is an improvement in security. > > It is not the bee all and end all but it is better than just a password. > > So I am not sure about your comment about privacy and security. > My preferred 2FA is provided by an authenticator app that doesn't use SMS. Indeed, a number of government agencies have gone that path, as well as my contacts with Mastodon, Discord and my gas utility. And yes, SMS is sent in cleartext and not particularly secure. But someone intercepting a cleartext 2FA without access to the original encrypted login session can't do much with it. So it's not absolute protection but it's a big step up from password alone. > Not sure about all the banks but I know a few will use a phone call that > > reads out a number over the phone to be used as a second factor in the > > login process. > > Bank I'm dealing with - - - doesn't. > So switch banks. You can do that without SMS. > Also not sure about all governments and services but a large chunk of > > the Ontario government use call back. > > Apologies - - - - the world doesn't really begin - - - nor end - - - in > Ontario. Oh fercrissake. The OP comments were based on the limits of personal experience, not chauvinism. Given the reaction here it is quite clear that this PROBLEM really hasn't hit > the radar for most of the tech community in Canuckistan (you know - - - > that 3rd world country north of the USA). I'm sure you know where the border is, good luck over there. > (Emphasis because I'm quite tired of the prissy pussy footing that I've > gotten in trying to get even just the community to understand the > magnitude of the issue. > Well, duh. The name-calling, scapegoat-seeking, insult-laden nature of this rant is the antithesis of seeking a solution. This ain't the way to get anyone to listen to you, let alone convince them of your righteousness. > (My bank when implementing this garbage 2FA had ever so many words about > the increase in security and privacy and really didn't want to talk to me > about any of it - - - - because I'm just a dumb knuckle dragger to them!) > See above. - Evan
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
