Jump to content
Jud

Scary Security Stuff

Rate this topic

Recommended Posts

Google Authenticator is pretty decent. And looks familiar to those experienced with RSA SecurID. Too bad far too many companies rely on SMS which is insecure. It is not much better here with banking sector, relying on SMS and some other less-than-great home grown implementations...

 

Too bad so far the only place apart from Google where I can use Google Authenticator is GitHub.

 

Only one local bank supports and supplies SecurID-type 2F authentication device on request.

 


Signalyst - Developer of HQPlayer

Pulse & Fidelity - Software Defined Amplifiers

Share this post


Link to post
Share on other sites
2 hours ago, Miska said:

Too bad so far the only place apart from Google where I can use Google Authenticator is GitHub.

 

I use it for this forum, for 3 other forums, for my NAS, for Amazon, for Facebook, Skype/Microsoft.

 

Plus Google.

 

Share this post


Link to post
Share on other sites

If you're a potential target for a SIM-swap attack, the solution would be to get a second phone with a number that you ONLY use for account recovery. Then even if someone does a SIM swap attack on your regular phone number, since it isn't connected with any of your online accounts, it can be used to break into them.

Share this post


Link to post
Share on other sites

Thanks @Jud for yet another reason to never get a cell phone, I'm glad I stuck with my corded landline phone. 😁


I have dementia. I save all my posts in a text file I call Forums.  I do a search in that file to find out what I said or did in the past.

 

I still love music.

 

Teresa

Share this post


Link to post
Share on other sites
On 11/8/2019 at 10:44 PM, AnotherSpin said:

"...When you ain't got nothing, you got nothing to lose"

"...You're invisible now, you've got no secrets to conceal."


"Relax, it's only hi-fi. There's never been a hi-fi emergency." - Roy Hall

"Not everything that can be counted counts, and not everything that counts can be counted"- William Bruce Cameron

 

Share this post


Link to post
Share on other sites

How does it feel?
To be without a phone
Like a complete unknown


"The overwhelming majority [of audiophiles] have very little knowledge, if any, about the most basic principles and operating characteristics of audio equipment. They often base their purchasing decisions on hearsay, and the preaching of media sages. Unfortunately, because of commercial considerations, much information is rooted in increasing revenue, not in assisting the audiophile. It seems as if the only requirements for becoming an "authority" in the world of audio is a keyboard."

-- Bruce Rozenblit of Transcendent Sound

Share this post


Link to post
Share on other sites

If you all think its easy to get into an account with 2FA enabled I would be thrilled if one of you can regain my access to my Dropbox account...

 

Thanks.

 

yes this is real go ahead, try.  I can't even get in and I am the one that set up the damned thing.


No electron left behind...

Share this post


Link to post
Share on other sites
2 hours ago, AudioDoctor said:

If you all think its easy to get into an account with 2FA enabled I would be thrilled if one of you can regain my access to my Dropbox account...

 

Thanks.

 

yes this is real go ahead, try.  I can't even get in and I am the one that set up the damned thing.


I lost access to a 2FA account somehow (phone change or some time without app, whatever, don’t recall) and was able to get 10 or so 1-time codes to use in order to get back in and if it should ever happen again. I don’t recall whether I used personal info or a PIN; I’m guessing the former.


One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> wi-fi to router -> EtherREGEN -> microRendu -> USPCB -> ISO Regen (powered by LPS-1) -> USPCB -> Pro-Ject Pre Box S2 DAC -> Spectral DMC-12 & DMA-150 -> Vandersteen 3A Signature.

Share this post


Link to post
Share on other sites
19 minutes ago, Jud said:


I lost access to a 2FA account somehow (phone change or some time without app, whatever, don’t recall) and was able to get 10 or so 1-time codes to use in order to get back in and if it should ever happen again. I don’t recall whether I used personal info or a PIN; I’m guessing the former.

 

Yeah, it's my fault for losing the one time codes. But not my fault for losing the phone...


No electron left behind...

Share this post


Link to post
Share on other sites
1 minute ago, AudioDoctor said:

 

Yeah, it's my fault for losing the one time codes. But not my fault for losing the phone...


And of course where do people who retain these things tend to keep them these days? Email, the cloud, email in the cloud....


One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> wi-fi to router -> EtherREGEN -> microRendu -> USPCB -> ISO Regen (powered by LPS-1) -> USPCB -> Pro-Ject Pre Box S2 DAC -> Spectral DMC-12 & DMA-150 -> Vandersteen 3A Signature.

Share this post


Link to post
Share on other sites
8 minutes ago, Jud said:


And of course where do people who retain these things tend to keep them these days? Email, the cloud, email in the cloud....

 

I kept mine on my computer, but I guess I had accidentally deleted it.


No electron left behind...

Share this post


Link to post
Share on other sites
21 hours ago, mansr said:

Those can be "hacked' with a pair of crocodile clips.

 

However, a corded landline phone has no hard drive, thus no information to steal except for the last number dialed.


I have dementia. I save all my posts in a text file I call Forums.  I do a search in that file to find out what I said or did in the past.

 

I still love music.

 

Teresa

Share this post


Link to post
Share on other sites
4 hours ago, Teresa said:

However, a corded landline phone has no hard drive, thus no information to steal except for the last number dialed.

The information exchanged during a call can be stolen. This could be authentication codes for something.

Share this post


Link to post
Share on other sites
34 minutes ago, mansr said:

The information exchanged during a call can be stolen. This could be authentication codes for something.


If they’re clever enough to ask and you’re dumb enough to give them. These days the only people who ask me for PINs over the phone are my television provider, and at the rate I’m paying I’d soon know if someone were affecting my service there.


One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> wi-fi to router -> EtherREGEN -> microRendu -> USPCB -> ISO Regen (powered by LPS-1) -> USPCB -> Pro-Ject Pre Box S2 DAC -> Spectral DMC-12 & DMA-150 -> Vandersteen 3A Signature.

Share this post


Link to post
Share on other sites

By the way: You may say one shouldn’t do business with anyone who would provide access to accounts, phones, etc. But anyone who’s had to wind up a deceased loved one’s affairs is grateful it happens. Obituaries can be monitored and documents faked if it comes to that.


One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> wi-fi to router -> EtherREGEN -> microRendu -> USPCB -> ISO Regen (powered by LPS-1) -> USPCB -> Pro-Ject Pre Box S2 DAC -> Spectral DMC-12 & DMA-150 -> Vandersteen 3A Signature.

Share this post


Link to post
Share on other sites
32 minutes ago, Jud said:

If they’re clever enough to ask and you’re dumb enough to give them. These days the only people who ask me for PINs over the phone are my television provider, and at the rate I’m paying I’d soon know if someone were affecting my service there.

I have seen 2FA with a synthetic voice reading a one-time code over a land line. In fact, I believe Google offers this as an option for account recovery.

Share this post


Link to post
Share on other sites

@Jud AND OTHERS : there is a sept 12 2019 NYT series of articles entitled “protect your digital self in a few minutes a day” byline is a Thorin Klosowski it is a good read but of course haven’t implemented it just like everyone else!

Share this post


Link to post
Share on other sites
1 hour ago, mansr said:

I have seen 2FA with a synthetic voice reading a one-time code over a land line. In fact, I believe Google offers this as an option for account recovery.


Heh, interesting. When I was helping to implement electronic transactions in our business segment I ran into plenty of people who thought for no particular reason things were ever so much more secure in paper and ink.


One never knows, do one? - Fats Waller

The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein

Computer, Audirvana -> wi-fi to router -> EtherREGEN -> microRendu -> USPCB -> ISO Regen (powered by LPS-1) -> USPCB -> Pro-Ject Pre Box S2 DAC -> Spectral DMC-12 & DMA-150 -> Vandersteen 3A Signature.

Share this post


Link to post
Share on other sites
21 hours ago, mansr said:

The information exchanged during a call can be stolen. This could be authentication codes for something.

 

I don't give such information over the telephone. I mainly confirm doctor appointments and refill prescriptions. And ever once in a while John Curl calls. Unlike my youth, I really hate using the phone, guess that is another reason I'm not interest in a cell phone. 

 

BTW when I refill prescriptions all Walmart asks me to confirm is the first four letters of my last name and when they are ready I pick them up in person.

 

When a computer dies I remove the hard drive and memory and hit them with a hammer and put them in a box in the closet and then take the dead computer (minus the hard drive and memory) to Best Buy to recycle. I would hate to do that with even more devices such as a cell phone, yet another reason I don't want a cell phone. The computer is enough to worry about.

 

18 hours ago, Jud said:

Heh, interesting. When I was helping to implement electronic transactions in our business segment I ran into plenty of people who thought for no particular reason things were ever so much more secure in paper and ink.

 

I'm one of the those who believes that paper and ink are safer, as long as everything with personal information is shredded before throwing away. I pay by check when I can and for the internet I use a non-reloadable prepaid debit card.

 

While I appreciate the large library of information of all types on the internet. I believe that it's creation was a mistake. And not just personal information, there is also disinformation, the manipulation of elections, and cyberwarfare.

 

P.S. I don't like scary security stuff and try to avoid anything that is risky.


I have dementia. I save all my posts in a text file I call Forums.  I do a search in that file to find out what I said or did in the past.

 

I still love music.

 

Teresa

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...