On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.
I'm in the process of selling my house, and I need somewhere secure to
hold the proceeds. I decided I'd create a account with a bank I don't
otherwise bank with, and interact online with it using a live-DVD on a
system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere.
Until you don't remember it, then what?
Because let's face it, eventually we all forget the password.
This is really a rant - venting to release some of the frustration.
I'm in the process of selling my house, and I need somewhere secure to
hold the proceeds. I decided I'd create a account with a bank I don't otherwise bank with, and interact online with it using a live-DVD on a
system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere.
On Tue, 30 Jan 2024 10:39:28 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.
I'm in the process of selling my house, and I need somewhere secure to
hold the proceeds. I decided I'd create a account with a bank I don't
otherwise bank with, and interact online with it using a live-DVD on a
system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere.
Until you don't remember it, then what?
Because let's face it, eventually we all forget the password.
That's a very presumptuous thing to say. I have my own ways of storing and retrieving passwords (which may include just my memory) and I'm confident they are secure and reliable enough. So don't include me in your "we".
I share Sylvia's frustration and it's not just with banks. Pretty much any online site with an option to create an account , will also have some kind
of password reminder , usually sent to your email. Very often I have wished for sites to offer the option when creating an account to disable any password reminders but I have yet to see a site which does this.
This is really a rant - venting to release some of the frustration.
I'm in the process of selling my house, and I need somewhere secure to
hold the proceeds. I decided I'd create a account with a bank I don't otherwise bank with, and interact online with it using a live-DVD on a
system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere.
Except that the banks insist on having a password reset option,
validated using an SMS. This undermines my attempts at ensuring that the account remains secure.
I've tried telling banks (and other entities, indeed) that I don't want
the ability to reset the password. No go, because such an option is not implemented in their systems.
Telcos in Australia have some quite strict rules regarding transfer of
mobile phone numbers, but the rules still get broken, and frauds
committed thereby.
If someone perpetrated a fraud as a consequence of the SMS password
reset, I'd have a good case that it was a fraud against the bank, rather
than against me, and that it was therefore the bank's loss.
Still, I'd rather not have to deal with it.
I looked at having a SecurIDĀ® device as 2FA. But guess what? It can be
used to reset the password.
So I'm tearing my hair out. Why do banks have this huge blind-spot when
it comes to resetting passwords?
On Tue, 30 Jan 2024 10:39:28 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.Until you don't remember it, then what?
I'm in the process of selling my house, and I need somewhere secure to
hold the proceeds. I decided I'd create a account with a bank I don't
otherwise bank with, and interact online with it using a live-DVD on a
system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere. >>
Because let's face it, eventually we all forget the password.
That's a very presumptuous thing to say. I have my own ways of storing and retrieving passwords (which may include just my memory) and I'm confident they are secure and reliable enough. So don't include me in your "we".
I share Sylvia's frustration and it's not just with banks.
This is really a rant - venting to release some of the frustration.
I'm in the process of selling my house, and I need somewhere secure to
hold the proceeds. I decided I'd create a account with a bank I don't otherwise bank with, and interact online with it using a live-DVD on a
system that has no storage. So no risk of key loggers or other hacks.
Except that the banks insist on having a password reset option,
validated using an SMS. This undermines my attempts at ensuring that the account remains secure.
I've tried telling banks (and other entities, indeed) that I don't want
the ability to reset the password. No go, because such an option is not implemented in their systems.
Telcos in Australia have some quite strict rules regarding transfer of
mobile phone numbers, but the rules still get broken, and frauds
committed thereby.
If someone perpetrated a fraud as a consequence of the SMS password
reset, I'd have a good case that it was a fraud against the bank, rather
than against me, and that it was therefore the bank's loss.
Still, I'd rather not have to deal with it.
Spiros Bousbouras <spibou@gmail.com> writes:
On Tue, 30 Jan 2024 10:39:28 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.Until you don't remember it, then what?
I'm in the process of selling my house, and I need somewhere secure to >>>> hold the proceeds. I decided I'd create a account with a bank I don't
otherwise bank with, and interact online with it using a live-DVD on a >>>> system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere. >>>
Because let's face it, eventually we all forget the password.
That's a very presumptuous thing to say. I have my own ways of storing and >> retrieving passwords (which may include just my memory) and I'm confident
they are secure and reliable enough. So don't include me in your "we".
I share Sylvia's frustration and it's not just with banks.
I share Sylvia's frustration as well. It's not just with banks. Things
are become ever more centralized. Centralization designs products and services to the average customer and business invest in shaping people
so that if fits their business model. Along with that new cultural
values appear. People seem a lot less interested in serving people. We
have to fit in with the system now. People who keep their individuality
are nuisance to the system.
I wonder what happens in the limiting case.
Just as an aside, when I created my online account for the bank, it
told me my user id, expressed as two four digit groups separated by a
space.
But will it accept the user id in that format? No, of course not.
Sylvia Else <sylvia@email.invalid> wrote:
Just as an aside, when I created my online account for the bank, it
told me my user id, expressed as two four digit groups separated by a
space.
But will it accept the user id in that format? No, of course not.
This is far too common.
What it means is developer team 1, possibly at time 1, created the
"onboard a new user account" web pages, while developer team 2, likely
at different time 2, created the actual "log an existing user on" web
pages,
and neither team talked or interacted with each other to learn what the
other team had done.
In article <87o7d2s30v.fsf@yaxenu.org>, Julieta Shem <jshem@yaxenu.org> wrote:
Interesting that the richest industry is not actually able to hire a >>competent professional.
"Rich people did not get rich by spending money."
-- my uncle Paul
Sylvia Else <sylvia@email.invalid> wrote:
Just as an aside, when I created my online account for the bank, it
told me my user id, expressed as two four digit groups separated by a
space.
But will it accept the user id in that format? No, of course not.
This is far too common.
Interesting that the richest industry is not actually able to hire a >competent professional.
Sylvia Else <sylvia@email.invalid> wrote:
This is the same symptom that gives "password" fields that (if a
description is even privided) says "use any characters except $ and %
for your password" [1] yet when you actually try to use a password with
^ or # you mysteriously discover that # or ^ is also on the "you can't
use that" list, but not mentioned in the visible documentation. And sometimes discover that the documented $ or % is actually acceptable.
kludge@panix.com (Scott Dorsey) writes:
In article <87o7d2s30v.fsf@yaxenu.org>, Julieta Shem <jshem@yaxenu.org> wrote:
Interesting that the richest industry is not actually able to hire a
competent professional.
"Rich people did not get rich by spending money."
-- my uncle Paul
I think it's more profound than that. I think (1) the craft is a lot
more difficult than the average professional is able to understand; (2)
not to mention the average entrepeneur who hired the professional; (3) a
rich industry that targets poor people doesn't care: they have numbers
that say that they won't make more money by having some respect.
On Tue, 30 Jan 2024 10:39:28 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.Until you don't remember it, then what?
I'm in the process of selling my house, and I need somewhere secure to
hold the proceeds. I decided I'd create a account with a bank I don't
otherwise bank with, and interact online with it using a live-DVD on a
system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere. >>
Because let's face it, eventually we all forget the password.
That's a very presumptuous thing to say. I have my own ways of storing and retrieving passwords (which may include just my memory) and I'm confident they are secure and reliable enough. So don't include me in your "we".
On 2024-01-30, Spiros Bousbouras wrote:
On Tue, 30 Jan 2024 10:39:28 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.Until you don't remember it, then what?
I'm in the process of selling my house, and I need somewhere secure to >>>> hold the proceeds. I decided I'd create a account with a bank I don't
otherwise bank with, and interact online with it using a live-DVD on a >>>> system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere. >>>
Because let's face it, eventually we all forget the password.
That's a very presumptuous thing to say. I have my own ways of storing and >> retrieving passwords (which may include just my memory) and I'm confident
they are secure and reliable enough. So don't include me in your "we".
So if I was to sit you down at any freshly installed PC of your choice,
you could log-in to *any* random service to which you have a username/password combination *from memory* ?
Because if there is even a single service to which the truthful answer (which, admittedly I will never know; because this is Usenet, and you
can vehemently deny it to your last post) is "well, actually, I'd
have to use [password-tool-of-choice] for that site"; then you are
solidly in the group of "people who have forgotten the password".
Julieta Shem <jshem@yaxenu.org> writes:
Spiros Bousbouras <spibou@gmail.com> writes:
On Tue, 30 Jan 2024 10:39:28 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.Until you don't remember it, then what?
I'm in the process of selling my house, and I need somewhere secure to >>>>> hold the proceeds. I decided I'd create a account with a bank I don't >>>>> otherwise bank with, and interact online with it using a live-DVD on a >>>>> system that has no storage. So no risk of key loggers or other hacks. >>>>> I'd remember the strong password, and not have it written down anywhere. >>>>
Because let's face it, eventually we all forget the password.
That's a very presumptuous thing to say. I have my own ways of storing and >>> retrieving passwords (which may include just my memory) and I'm confident >>> they are secure and reliable enough. So don't include me in your "we".
I share Sylvia's frustration and it's not just with banks.
I share Sylvia's frustration as well. It's not just with banks. Things
are become ever more centralized. Centralization designs products and
services to the average customer and business invest in shaping people
so that if fits their business model. Along with that new cultural
values appear. People seem a lot less interested in serving people. We
have to fit in with the system now. People who keep their individuality
are nuisance to the system.
From the POV of finance (see "financialization of everything",
elsewhere) employees, customers, clients and also product, tangible or otherwise, are externalities.
I wonder what happens in the limiting case.
The ultimate promise of the computer, from the earliest days that its development attracted corporate money, was, "Turn it on; money comes
out". Cryptocurrency is the closest we've come to this ideal but it's
not without problems. Morphing everything that everybody does into a
digital transaction, to the internal mechanisms of which no one [1] has access, gradually expunging other routines for "what everybody does",
appears to be the leading candidate.
On Wed, 31 Jan 2024 11:10:34 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
On 2024-01-30, Spiros Bousbouras wrote:
On Tue, 30 Jan 2024 10:39:28 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.
I'm in the process of selling my house, and I need somewhere secure to >> >> > hold the proceeds. I decided I'd create a account with a bank I don't >> >> > otherwise bank with, and interact online with it using a live-DVD on a >> >> > system that has no storage. So no risk of key loggers or other hacks. >> >> > I'd remember the strong password, and not have it written down anywhere.
Until you don't remember it, then what?
Because let's face it, eventually we all forget the password.
That's a very presumptuous thing to say. I have my own ways of storing and >> > retrieving passwords (which may include just my memory) and I'm confident >> > they are secure and reliable enough. So don't include me in your "we".
So if I was to sit you down at any freshly installed PC of your choice,
you could log-in to *any* random service to which you have a
username/password combination *from memory* ?
No. I will note in passing that even a yes answer would not necessarily
be unrealistic. It depends on how many online accounts one has. Someone
may only have an email online account and nothing more so would only
need to remember one password.
Because if there is even a single service to which the truthful answer
(which, admittedly I will never know; because this is Usenet, and you
can vehemently deny it to your last post) is "well, actually, I'd
have to use [password-tool-of-choice] for that site"; then you are
solidly in the group of "people who have forgotten the password".
No , I am in the group of people who never memorised the password.
[...]
In any case , I see now that I read in your post more than what you
intended. You said "then what?" and I interpreted that as suggesting
that we all need help from the website in retrieving passwords and
that's what I found especially presumptuous.
On 31-Jan-24 10:10 pm, Dan Purgert wrote:
On 2024-01-30, Spiros Bousbouras wrote:Just need to remember the one username and password for site where the
On Tue, 30 Jan 2024 10:39:28 -0000 (UTC)
Dan Purgert <dan@djph.net> wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.Until you don't remember it, then what?
I'm in the process of selling my house, and I need somewhere secure to >>>>> hold the proceeds. I decided I'd create a account with a bank I don't >>>>> otherwise bank with, and interact online with it using a live-DVD on a >>>>> system that has no storage. So no risk of key loggers or other hacks. >>>>> I'd remember the strong password, and not have it written down anywhere. >>>>
Because let's face it, eventually we all forget the password.
That's a very presumptuous thing to say. I have my own ways of storing and >>> retrieving passwords (which may include just my memory) and I'm confident >>> they are secure and reliable enough. So don't include me in your "we".
So if I was to sit you down at any freshly installed PC of your choice,
you could log-in to *any* random service to which you have a
username/password combination *from memory* ?
Because if there is even a single service to which the truthful answer
(which, admittedly I will never know; because this is Usenet, and you
can vehemently deny it to your last post) is "well, actually, I'd
have to use [password-tool-of-choice] for that site"; then you are
solidly in the group of "people who have forgotten the password".
backup copy of the encrypted password database is stored, and the
passphrase to decrypt that database. Not that hard.
On 30-Jan-24 9:39 pm, Dan Purgert wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.
I'm in the process of selling my house, and I need somewhere secure to
hold the proceeds. I decided I'd create a account with a bank I don't
otherwise bank with, and interact online with it using a live-DVD on a
system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere.
Until you don't remember it, then what?
Because let's face it, eventually we all forget the password.
If I say I won't forget, you've no real reason to doubt me. There are
many things that I've remembered for decades.
In the event that I really did forget, then I'd have to show up at one
of the bank's offices with physical identity documents.
On 30/01/2024 10:57, Sylvia Else wrote:
On 30-Jan-24 9:39 pm, Dan Purgert wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.Until you don't remember it, then what?
I'm in the process of selling my house, and I need somewhere secure to >>> hold the proceeds. I decided I'd create a account with a bank I don't
otherwise bank with, and interact online with it using a live-DVD on a >>> system that has no storage. So no risk of key loggers or other hacks.
I'd remember the strong password, and not have it written down anywhere. >>
Because let's face it, eventually we all forget the password.
If I say I won't forget, you've no real reason to doubt me. There are
many things that I've remembered for decades.
I don't doubt you, but your ability to remember a password that isn't
easily guessable and isn't re-used on multiple sites puts you in the top
0.1% of the population. Banks, however, have to deal with the remaining
99.9% as well.
In the event that I really did forget, then I'd have to show up at one
of the bank's offices with physical identity documents.
That's the last thing they want people doing. Imagine going into the
bank to find that there are 15 people ahead of you in the queue, all
waiting to go through a 5 minute process of showing documents to prove
their identity to get their password changed.
The banks don't want to pay their staff to change passwords, they want
to pay them to sell you a new savings account or to take out a loan.
FWIW my bank in the UK gives out a free card reader device, a bit like a pocket calculator, for their 2FA system. To use it you insert your bank
card, enter your card pin, which it validates using the chip in the chip
& pin card and then displays an 8 digit number to enter into the website.
You use this to log in initially (so no password to remember) and then
to re-authenticate prior to carrying out any sensitive actions such as
making a payment or changing personal details.
On 30/01/2024 10:57, Sylvia Else wrote:
On 30-Jan-24 9:39 pm, Dan Purgert wrote:
On 2024-01-30, Sylvia Else wrote:
This is really a rant - venting to release some of the frustration.
I'm in the process of selling my house, and I need somewhere secure
to hold the proceeds. I decided I'd create a account with a bank I
don't otherwise bank with, and interact online with it using a
live-DVD on a system that has no storage. So no risk of key loggers
or other hacks. I'd remember the strong password, and not have it
written down anywhere.
Until you don't remember it, then what?
Because let's face it, eventually we all forget the password.
If I say I won't forget, you've no real reason to doubt me. There are
many things that I've remembered for decades.
I don't doubt you, but your ability to remember a password that isn't
easily guessable and isn't re-used on multiple sites puts you in the
top 0.1% of the population. Banks, however, have to deal with the
remaining 99.9% as well.
In the event that I really did forget, then I'd have to show up at
one of the bank's offices with physical identity documents.
That's the last thing they want people doing. Imagine going into the
bank to find that there are 15 people ahead of you in the queue, all
waiting to go through a 5 minute process of showing documents to prove
their identity to get their password changed.
The banks don't want to pay their staff to change passwords, they want
to pay them to sell you a new savings account or to take out a loan.
FWIW my bank in the UK gives out a free card reader device, a bit like
a pocket calculator, for their 2FA system. To use it you insert your
bank card, enter your card pin, which it validates using the chip in
the chip & pin card and then displays an 8 digit number to enter into
the website.
You use this to log in initially (so no password to remember) and then
to re-authenticate prior to carrying out any sensitive actions such as
making a payment or changing personal details.
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 388 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 05:15:32 |
| Calls: | 8,220 |
| Calls today: | 18 |
| Files: | 13,122 |
| Messages: | 5,872,259 |
| Posted today: | 1 |