On 2024-01-15 11:47, o1bigtenor via talk wrote:
On Mon, Jan 15, 2024 at 8:56 AM Alvin Starr via talk <talk@gtalug.org> wrote:
On 2024-01-15 07:35, o1bigtenor via talk wrote: [snip]
[snip] Was not aware of this. As I'm now on a reasonable IP connection (previously on fixed point wireless which is garbage imo) I am considering using voip if not for everything as voip dies when the power does and that's a serious flaw! Bell and Rogers are now both offering VOIP based home phone services. I assume that they have batteries to keep things running in the event of a power outage but It would be interesting to have someone on list confirm that. I remember many years ago working with an ISDN ATA device from Bell that had NiCad batteries that did not last all that long and had real degradation problems.
You could fix the power issue with a UPS. You could likely pay for the UPS in the phone line savings in the first year.
Multi-factor authentication via SMS is an improvement in security. It is not the bee all and end all but it is better than just a password. So I am not sure about your comment about privacy and security. Hm - - - - it was some time in the first 1/2 of 2012 when a VP at Microsoft issued the announcement that for those that were logging in off campus that it would be thenceforth required to use 2FA (as either SMS or email). It was about 2019 when the federal bureacracy started barking about this and the banking industry (finding another area to look good and possibly generate MORE fees) started complying.
What none of these boffins seems to be aware of is that the same individual in early 2019 sent a similar email to the same recipients that " . . . due to the inherent insecurity of both SMS, SMS based and open email systems it would no longer be possible to use such for authentication." (Notice what he said - - - Any chance for a link to that? I would love to know the inherent insecurity. the inherent INSECURITY blah blah blah!!!!!!!!) So so many people have heard of the first instance and it seems that the second has been ignored by almost all of those that have read the first. (Except Microsoft employees - - AIUI they are using a USB token/chip/whatever the official name for the dongle is - - - and that is their reality.) There are options - - - yes but they cost some money - - - - the feds just don't give a rip and the banking industry is loathe to offer such reasonably or (shock and horror) to offer for free so that a secure system 'could' be set up - - - so we're stuck with garbage with platitudes for our privacy and security.
Not sure about all the banks but I know a few will use a phone call that reads out a number over the phone to be used as a second factor in the login process. Bank I'm dealing with - - - doesn't. That sucks. I know RBC and Scotia both support call back MFA.
Also not sure about all governments and services but a large chunk of the Ontario government use call back. Apologies - - - - the world doesn't really begin - - - nor end - - - in Ontario. (Even if the banking industry centered in Toronto bends even our clocks (in the rest of Canada) to suit their 'whatever you want to call it'! I don't know what PEI or BC governments are doing so I am not commenting on them. I live in Ontario and know a little about that. If that somehow offends you I am sorry about that.
So far as I know all banks and governments still have phone lines that are answered and will eventually get you to a person to help you with your issue.
Have tried that when I was required to authenticate to do a credit card transaction. The ultimate answer - - - sorry - - - - nothing we can do to help. (I used a credit card with much higher fees that hasn't jumped on that band wagon yet - - - their problem!)
Given the reaction here it is quite clear that this PROBLEM really hasn't hit the radar for most of the tech community in Canuckistan (you know - - - that 3rd world country north of the USA). (Emphasis because I'm quite tired of the prissy pussy footing that I've gotten in trying to get even just the community to understand the magnitude of the issue. (My bank when implementing this garbage 2FA had ever so many words about the increase in security and privacy and really didn't want to talk to me about any of it - - - - because I'm just a dumb knuckle dragger to them!) Ok lets leave it there.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||