firefox heads up
I run with the latest release of firefox from
https://www.mozilla.org/en-US/firefox/new/?scene=2#download-fx
Every time I install a new release my bank indicates it does not
recognize my device and requires a one time code and my password to
log into my account. Thereafter I only have to use my id/pw.
Since it seemed to only happen on major releases, I created a user.ps with
user_pref("general.useragent.override", "Mozilla/5.0 (X11; Linux x86_64; rv:200.0) Gecko/20100101 Firefox/200.0");
to set version at 200.0; after doing that bank did not send me through the one time code screens. Lo and behold after firefox-98.0.2.tar.bz2
install I had to go through the one time code logic on all logins.
Helpless Desk droid indicated fix was to clear/delete cookies or use a different browser. It did not phase the droid that I had cookies deleted
upon log out.
Installed chromium-browser, bank sent me through one time code and all
logins thereafter without going through one time code logic.
I went back to firefox and still had to go through the one time logic on every login.
Just for fun and 30+ logins later screwing with using user.ps I decided
to delete the ~mozilla/firefox directory and Wa La the bank site no longer required the one time code after the first firefox login.
Moral of this story is using one default profile directory can lead to
odd problems with some sites.
On 4/1/22 17:15, Bit Twister wrote:
firefox heads upInteresting. In general, I use the ESR version of Firefox from Mageia,
I run with the latest release of firefox from
https://www.mozilla.org/en-US/firefox/new/?scene=2#download-fx
Every time I install a new release my bank indicates it does not
recognize my device and requires a one time code and my password to
log into my account. Thereafter I only have to use my id/pw.
Since it seemed to only happen on major releases, I created a user.ps with >>
user_pref("general.useragent.override", "Mozilla/5.0 (X11; Linux x86_64; rv:200.0) Gecko/20100101 Firefox/200.0");
to set version at 200.0; after doing that bank did not send me through the >> one time code screens. Lo and behold after firefox-98.0.2.tar.bz2
install I had to go through the one time code logic on all logins.
Helpless Desk droid indicated fix was to clear/delete cookies or use a
different browser. It did not phase the droid that I had cookies deleted
upon log out.
Installed chromium-browser, bank sent me through one time code and all
logins thereafter without going through one time code logic.
I went back to firefox and still had to go through the one time logic on
every login.
Just for fun and 30+ logins later screwing with using user.ps I decided
to delete the ~mozilla/firefox directory and Wa La the bank site no longer >> required the one time code after the first firefox login.
Moral of this story is using one default profile directory can lead to
odd problems with some sites.
but have also used the latest release when sites don't recognize the ESR
as up-to-date, even when it is. Firefox requires different profiles for
each.
For some time, I'd say the last two years or so, my bank has required password and one-time passcode(or security question) before it will log
me in - every single time.
When I asked people who know more about this sort of thing than I do, I
was told that I should be happy that the bank was requiring that extra
level of identity security before allowing access to my accounts. At
least one person indicated he wouldn't stay with a bank that allowed
just password-based authentication.
So, I just get along with it.
Knowing your published feelings about security, I'm surprised you don't welcome that extra layer of protection, as well.
Even though it's really annoying.
I have to remember the last four of eight to complete writing down code number.
I never had a good, short time memory to start with.
On Sat, 2 Apr 2022 08:28:06 -0400, TJ wrote:
On 4/1/22 17:15, Bit Twister wrote:
firefox heads upInteresting. In general, I use the ESR version of Firefox from Mageia,
I run with the latest release of firefox from
https://www.mozilla.org/en-US/firefox/new/?scene=2#download-fx
Every time I install a new release my bank indicates it does not
recognize my device and requires a one time code and my password to
log into my account. Thereafter I only have to use my id/pw.
Since it seemed to only happen on major releases, I created a user.ps with >>>
user_pref("general.useragent.override", "Mozilla/5.0 (X11; Linux x86_64; rv:200.0) Gecko/20100101 Firefox/200.0");
to set version at 200.0; after doing that bank did not send me through the >>> one time code screens. Lo and behold after firefox-98.0.2.tar.bz2
install I had to go through the one time code logic on all logins.
Helpless Desk droid indicated fix was to clear/delete cookies or use a
different browser. It did not phase the droid that I had cookies deleted >>> upon log out.
Installed chromium-browser, bank sent me through one time code and all
logins thereafter without going through one time code logic.
I went back to firefox and still had to go through the one time logic on >>> every login.
Just for fun and 30+ logins later screwing with using user.ps I decided
to delete the ~mozilla/firefox directory and Wa La the bank site no longer >>> required the one time code after the first firefox login.
Moral of this story is using one default profile directory can lead to
odd problems with some sites.
but have also used the latest release when sites don't recognize the ESR
as up-to-date, even when it is. Firefox requires different profiles for
each.
Sounds like you might want to try the user.ps trick/kludge :)
For some time, I'd say the last two years or so, my bank has required
password and one-time passcode(or security question) before it will log
me in - every single time.
When I asked people who know more about this sort of thing than I do, I
was told that I should be happy that the bank was requiring that extra
level of identity security before allowing access to my accounts. At
least one person indicated he wouldn't stay with a bank that allowed
just password-based authentication.
So, I just get along with it.
Knowing your published feelings about security, I'm surprised you don't
welcome that extra layer of protection, as well.
I am not that sure it is that more secure. Current setup is a separate Linux account, that aborts if browser is running on my system telling me to
close them. Then launch browser with my index.html with the https link to bank. I am running my own DNS server instead of using router/isp DNS server. With this setup I would assume only way to catch id/pw would be on bank
web site or malware in router. Upon logout I tar in a pristine browser
setup and check for new directories/files.
I have set "above 10 cent" change alarms on my accounts to email me any change so I have a chance to stop any bogus charges. I also get an email about the success code authorization. Bank id is not my name and pw
is random Alpha numeric and special chars over 10 characters long.
I have hourly cron job checking for new logins.
I have the Advanced Intrusion Detection Environment​ (aide rpm)
installed to warn of any file changes.
Even though it's really annoying.
Really Annoying is very true. Recent change on bank site no longer provides email code delivery, just phone. Covid has caused organ and very mild brain damage.
Mild stroke earlier this year has affected my coordination.
Had to practice writing my name just to get a semblance of my previous signature let alone numbers. The computer voice giving me the
code spits out the numbers, two at a time, faster than I can write them down. Two at a time means _very_ slight pause between every two digits.
I have to remember the last four of eight to complete writing down code number.
I never had a good, short time memory to start with.
I get it, I really do. My bank offers the choice of me answering a
"security question" or getting a phone call or text with the multi-digit passcode. I remember lying on most of the security questions to make it harder for others to answer them, but I never wrote the lies down and
have since forgotten them.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 300 |
Nodes: | 16 (2 / 14) |
Uptime: | 48:30:46 |
Calls: | 6,710 |
Calls today: | 3 |
Files: | 12,243 |
Messages: | 5,354,640 |
Posted today: | 1 |