On Mon, Jan 15, 2024 at 8:56 AM Alvin Starr via talk <talk@gtalug.org> wrote:
On 2024-01-15 07:35, o1bigtenor via talk wrote: [snip]
One doesn't use a cell phone (well I wouldn't) but a cellphone number is demanded to verify one's identity. Without a working cellphone connection one is today - - - a NON-person.
I understand that you don't get the problem but then you are an urban dweller who has absolutely no idea what its like trying to connect to an ever increasing number of entities that demand SMS connectiviity (you know like the banks, the bloody government - - - shall I go on???!!!!!!!????) all the while prating about maintaining my privacy and security - - - bollocks!!!!!!!!!!!!) - - - this is our contemporary situation. That urban dwellers don't get it is also our contemporary situation. The pity is that they don't even try to understand the enormity of the situation or the helplessness of those caught in the squeeze - - - - . You don't need a cell phone number but need to have a number that will accept SMS. VOIP services offer numbers with SMS features.
Was not aware of this. As I'm now on a reasonable IP connection (previously on fixed point wireless which is garbage imo) I am considering using voip if not for everything as voip dies when the power does and that's a serious flaw!
Multi-factor authentication via SMS is an improvement in security. It is not the bee all and end all but it is better than just a password. So I am not sure about your comment about privacy and security.
Hm - - - - it was some time in the first 1/2 of 2012 when a VP at Microsoft issued the announcement that for those that were logging in off campus that it would be thenceforth required to use 2FA (as either SMS or email). It was about 2019 when the federal bureacracy started barking about this and the banking industry (finding another area to look good and possibly generate MORE fees) started complying. What none of these boffins seems to be aware of is that the same individual in early 2019 sent a similar email to the same recipients that " . . . due to the inherent insecurity of both SMS, SMS based and open email systems it would no longer be possible to use such for authentication." (Notice what he said - - - the inherent INSECURITY blah blah blah!!!!!!!!) So so many people have heard of the first instance and it seems that the second has been ignored by almost all of those that have read the first. (Except Microsoft employees - - AIUI they are using a USB token/chip/whatever the official name for the dongle is - - - and that is their reality.) There are options - - - yes but they cost some money - - - - the feds just don't give a rip and the banking industry is loathe to offer such reasonably or (shock and horror) to offer for free so that a secure system 'could' be set up - - - so we're stuck with garbage with platitudes for our privacy and security.
Not sure about all the banks but I know a few will use a phone call that reads out a number over the phone to be used as a second factor in the login process.
Bank I'm dealing with - - - doesn't.
Also not sure about all governments and services but a large chunk of the Ontario government use call back.
Apologies - - - - the world doesn't really begin - - - nor end - - - in Ontario. (Even if the banking industry centered in Toronto bends even our clocks (in the rest of Canada) to suit their 'whatever you want to call it'!
So far as I know all banks and governments still have phone lines that are answered and will eventually get you to a person to help you with your issue.
Have tried that when I was required to authenticate to do a credit card transaction. The ultimate answer - - - sorry - - - - nothing we can do to help. (I used a credit card with much higher fees that hasn't jumped on that band wagon yet - - - their problem!) Given the reaction here it is quite clear that this PROBLEM really hasn't hit the radar for most of the tech community in Canuckistan (you know - - - that 3rd world country north of the USA). (Emphasis because I'm quite tired of the prissy pussy footing that I've gotten in trying to get even just the community to understand the magnitude of the issue. (My bank when implementing this garbage 2FA had ever so many words about the increase in security and privacy and really didn't want to talk to me about any of it - - - - because I'm just a dumb knuckle dragger to them!) Regards