How do you feel about 2FA / MFA verification to use a website or service?
- Thread starter Ice Tea
- Start date
Caporegime
Try out a site?
Porn or what
Practically everything here is 2 step or a BankID digital verification and I think it's awesome.
Online shopping is just a thumb print.
They store your delivery details centrally. It's so convenient.
Porn or what
Practically everything here is 2 step or a BankID digital verification and I think it's awesome.
Online shopping is just a thumb print.
They store your delivery details centrally. It's so convenient.
Soldato
- Joined
- 30 Sep 2005
- Posts
- 16,553
Brilliant idea, and very much needed
https://www.microsoft.com/security/...e-to-prevent-99-9-percent-of-account-attacks/
https://www.microsoft.com/security/...e-to-prevent-99-9-percent-of-account-attacks/
Caporegime
- Joined
- 30 Jul 2013
- Posts
- 28,927
If I can enable 2 factor authentication to secure something, I always do.
Soldato
I'm wary of it as too many have used 2FA as a data harvesting excuse and you then get SMS spam of sales and other irrelevant junk - usually with a premium rate number needed to stop it. They'll only get my number when I know I'll do regular business with them.
I've changed the topic as i never meant 2 step verification for security purpose because that's obviously a good thing.
I mean the current trend of refusing to allow you to proceed with a website or service unless you hand over a phone number for verification.
Google services , some free email providers or free trials , free VPN trials , usenet trials , social media services like Zoom video chat will now allow you to try out end to end encryption but only if you hand over a phone number , etc. etc.
Sort of ironic that of all the sites online you don't have to hand over anything to use porn sites not even age verification.
I mean the current trend of refusing to allow you to proceed with a website or service unless you hand over a phone number for verification.
Google services , some free email providers or free trials , free VPN trials , usenet trials , social media services like Zoom video chat will now allow you to try out end to end encryption but only if you hand over a phone number , etc. etc.
Sort of ironic that of all the sites online you don't have to hand over anything to use porn sites not even age verification.
Don't mind it on things that I think require it but hate it when its required for something where I have given no useful personal information. Think Houseparty was the last app that requested it along with access to all your contacts when I signed up with a spam email address, just deleted it.
2fa's not mandatory for them (ie you protect yourself from phishing) ? or, any of the music/movie services ?
.. they still have to cater for people (like us) who don't have good phone reception, I don't have wifi calling either.
I did find I had to set up 2fa via backup codes to get an app password to allow thunderbrird to access gmail though
It's just part of the drive to abolish anonymity on the internet and make gathering all sorts of data about individuals easier. It'll make it easier for the conformist mobs and woke corporations to cancel people across multiple platforms. "Our advertisers don't want to be associated with x so no monetisation for you" will become "Our company doesn't want to be associated with x so tough **** because we have near monopoly and we can do as we please because we're a private company". People will probably get Alex Jones'd from the internet just for misgendering or refusing to take a knee when demanded to but it's not Fascistic or anything, they're actually tolerant liberals.
Last edited:
Soldato
This. I’m not doing 2FA for anyone other than the most trusted sources.
Commissario
I'm sure you're trying to make some sort of point, but all i see is "wah, wah, wah the leftist capitalists don't want to proved free services to people who break the T&C they signed up with, wah".
Last edited:
Commissario
Same here.
I only have 2fa (using phone numbers) turned on for a handful of sites, mainly because I don't trust the majority of online sources not to sell any and all information they can to whoever pays them for it, and I don't trust even the best to not have the data go up for sale if they go bust, especially American companies where the data protection laws are a joke and the receivers won't care much about the likes of GDPA when the fines are likely to be directed at the company that has gone bust.
IIRC it was only last year that Facebook (or was it another similar scummy antisocial media site?) decided to make the phone numbers used for 2fa work to try and suggest friends or something, which caused a bit of a stink because the only reason people had supplied their numbers was for security.
Last edited:
I generally don't bother with sites, especially random stuff, that requires phone verification as part of the sign-up/order process. There are exceptions I would make such as purely financial services, etc. definitely not for some random retail site, etc.
I wish places in general would get their act together though when it comes to both the sign-up process and implementations of things like 2FA which can be really useful but so often done in a manner that is arse over backwards and just plain inconvenient and often leaves you wondering if the person who implemented it ever actually used it for themselves in a context that remotely resembled the real world scenario.
I wish places in general would get their act together though when it comes to both the sign-up process and implementations of things like 2FA which can be really useful but so often done in a manner that is arse over backwards and just plain inconvenient and often leaves you wondering if the person who implemented it ever actually used it for themselves in a context that remotely resembled the real world scenario.
Soldato
- Joined
- 30 Sep 2005
- Posts
- 16,553
When we rolled out MFA at work, the sheer number of users getting confused as to what the # key was, was shocking.
Microsoft either say the hash key, or the pound key.......hundreds of our users contacted the helpdesk asking what it was....despite the user guide saying "press the # key"
In the end, we had to include a photo pointing to the # key.
found it
Microsoft either say the hash key, or the pound key.......hundreds of our users contacted the helpdesk asking what it was....despite the user guide saying "press the # key"
In the end, we had to include a photo pointing to the # key.
found it
..lack of knowledge of hash, is perhaps consistant with number of people who are really proficient with a smart phone
no one has named any companies that are demanding 2fa where it might not, be, in legitimate response to protecting both parties data
reddit were apparently toying with requesting login via google, but even that and sites that will accept facebook,... you still have anonymity with a throw-away account on those, if you want.
no one has named any companies that are demanding 2fa where it might not, be, in legitimate response to protecting both parties data
reddit were apparently toying with requesting login via google, but even that and sites that will accept facebook,... you still have anonymity with a throw-away account on those, if you want.
no, if a site wants me to reigster no, if it wants me to turn off addblock no.
didn't the hashkey exist on all phones or atleast public ones? I thought it did way back in the 90s and probably earlier on the BT phones?
How do you sign-up for Gmail or use Android-x86 across multiple machines without handing Google a phone number to get a fully working service?
Android-x86 Beta testers have been caught out with multiple installs with Google telling them their phone number has been used too many times and to go away as support doesn't seem interested , not sure if one user was joking but when they tried to contact Google support about a number being blocked they was asked to provide a number?
you are right that I have , 2FA enabled, and had to go somewhere with reception (down the road) to enable that, but, after doing that the first time, I have downloaded some back-up codes, that I can use, at home, if needed, after rebooting a laptop say.
I see google security site now seems to have a new option ... I probably need to explore that, or yubikey