Nazo

@nixCraft Sad thing is, most banks actually require the first, but since that's so ridiculous you have to write it down or something and even then probably have to try four or five different options. Worse still, people give up and use password managers which can have problems and leaks sometimes.

Sometimes I think seriously about just permanently dedicating some old phone or tablet or something solely to passwords and 2FA stuff, left permanently in airplane mode or something.

Meghadeep Roy Chowdhury :kinoite: :fediverse: :veritrek: :verified_paw:

@nazokiyoubinbou @nixCraft I’m sorry, did you actually write “worse still people give up and use password managers”? Worse than writing it down?! Or do you really expect to remember all the different randomized passwords for all your different accounts?

Nazo

@social @nixCraft Calm down, you're looking at a logic problem emotionally, not logically. Yes, I did say that password managers are worse. Someone has to gain physical access to a piece of paper for something you've written down. Password managers can be accessed online. Not necessarily all leaked even. Sometimes other exploits lead to accessing them (an issue sometimes with mobile devices in particular.) Often enough their encryption is necessarily weak anyway.

Nazo

@social @nixCraft I think you're imagining the sort of environment where the current password system was originally created from -- e.g. a highly confidential work area where people must even protect their work from other workers there (potential spies!) Hard for users to know passwords stored in ultra-secure mechanisms (even memorized) made sense there. It doesn't work in the modern day where your biggest threat is some script kiddie in Russia rather than your next door neighbor.

GreenDotGuy

@nazokiyoubinbou @nixCraft It's safer than you think!

The app itself is a trusted pathway to the service, and it's probably been authorized at least once with a password or something more complex. The PIN is just an additional factor. Totally different from the WiFi situation, where that one code will allow virtually anything to connect in and do stuff.

Nazo

@DarcMoughty @nixCraft I think you meant to post this to them, not me, but I do want to point out that this isn't quite as literal as I think you've taken it to be. The point is just some things that seem like they don't need so much protection go over-the-top even with crazy requirements then some things that need heavy protection have little to none.

Nazo

@DarcMoughty @nixCraft A better example might be the bank requiring capitals, numbers, symbols, and the sacrifice of your firstborn to log in, then, once logged in, the only real protection on it is your phone's biometric lock or PIN, often enough easily faked or watched.
