LogFAQs > #913756426

LurkerFAQs, Active DB, DB1, DB2, DB3, Database 4 ( 07.23.2018-12.31.2018 ), DB5, DB6, DB7, DB8, DB9, DB10, DB11, DB12, Clear

Topic List	Page List: 1
Topic	I hate how SMS verification is becoming a thing
Smarkil 12/08/18 2:57:22 AM #34:	LinkPizza posted... Smarkil posted... LinkPizza posted... Its not just that. When I broke my cell phone and was trying to get a new one, I had to log in my account to do something first. Then, when I tried to log in, you sill needed a phone even when you put you didnt have one. So, I had to jump through hoops to still get it done. They should be able to cater to everyone, though. And allow you to turn it off if you dont want it... But you got in didn't you? How often are you breaking your cell phone that you would need to do that? They gave you a workaround that worked. For the 99% of their user base that has a working phone, it's a tremendous improvement. They shouldn't jeopardize their platform for edge cases. They didnt give me a work around. I had to find a way to use someone elses phone. The problem was, when you use another phone, you have to go through a verification process. Which means that after using their phone, I have to wait from like a few days to a week for a random calm or text from them. It could be at anytime. And you only had a certain amount of time to be able to answer and then log in. Which would suck if I was at work. or couldnt reach the person. But I had all the other info like account name, password, credit card info, etc... They should have just let me in my own account if Inhad all that... Because of someone else had all that info, they could still easily hack my account by changing the number to their own, anyway... I dont see how its an improvement, anyway. They should let people who dont want it to be able to turn it off. And the people who want it can keep it. That would make more sense. You can choose your level of security. They wonder why peoples passwords are simple these days. Or why people write them down. Or use the same one for everything. Its because they make it so you have to make them 16 characters. And they have to have upper case letters, lowercase letters, numbers, symbols, the blood of your first born child, etc... Just let people make a password they want. If they get hacked, its there fault. Suggest making a better password if you think its weak, but dont force them to make it something they cant remember... It's an improvement because it's probably the single most effective way to improve security on your user accounts. And many organizations do allow you to choose the level of security on your account, however, they're still going to get blamed if a user opts not to use it. There are a number of government regulations that require certain institutions (IE banks) to put that shit in place otherwise they get fined (at best) after auditors find that shit to be materially deficient. And passwords ARE changing. The most recent NIST guidelines for password requirements now recommend passwords just be long. At least 12 characters IIRC. They don't care about complexity anymore, because length will always be more effective at preventing brute force. They're also removing complexity guidelines for the very reason you stated; people are lazy. But unfortunately it takes time for that stuff to go into place. Businesses don't move quickly. --- I promise that if the game stinks I will make a topic about how I hate it and you can all laugh at me - Mead on Fallout 76 <cite>Smarkil posted [p:913756426] in I hate how... [t:77270661]...</cite> <quote><cite>LinkPizza posted...</cite> <quote><cite>Smarkil posted...</cite> <quote><cite>LinkPizza posted...</cite> <quote>Its not just that. When I broke my cell phone and was trying to get a new one, I had to log in my account to do something first. Then, when I tried to log in, you sill needed a phone even when you put you didnt have one. So, I had to jump through hoops to still get it done. They should be able to cater to everyone, though. And allow you to turn it off if you dont want it...</quote> But you got in didn't you? How often are you breaking your cell phone that you would need to do that? They gave you a workaround that worked. For the 99% of their user base that has a working phone, it's a tremendous improvement. They shouldn't jeopardize their platform for edge cases.</quote> They didnt give me a work around. I had to find a way to use someone elses phone. The problem was, when you use another phone, you have to go through a verification process. Which means that after using their phone, I have to wait from like a few days to a week for a random calm or text from them. It could be at anytime. And you only had a certain amount of time to be able to answer and then log in. Which would suck if I was at work. or couldnt reach the person. But I had all the other info like account name, password, credit card info, etc... They should have just let me in my own account if Inhad all that... Because of someone else had all that info, they could still easily hack my account by changing the number to their own, anyway... I dont see how its an improvement, anyway. They should let people who dont want it to be able to turn it off. And the people who want it can keep it. That would make more sense. You can choose your level of security. They wonder why peoples passwords are simple these days. Or why people write them down. Or use the same one for everything. Its because they make it so you have to make them 16 characters. And they have to have upper case letters, lowercase letters, numbers, symbols, the blood of your first born child, etc... Just let people make a password they want. If they get hacked, its there fault. Suggest making a better password if you think its weak, but dont force them to make it something they cant remember...</quote> It's an improvement because it's probably the single most effective way to improve security on your user accounts. And many organizations do allow you to choose the level of security on your account, however, they're still going to get blamed if a user opts not to use it. There are a number of government regulations that require certain institutions (IE banks) to put that shit in place otherwise they get fined (at best) after auditors find that shit to be materially deficient. And passwords ARE changing. The most recent NIST guidelines for password requirements now recommend passwords just be long. At least 12 characters IIRC. They don't care about complexity anymore, because length will always be more effective at preventing brute force. They're also removing complexity guidelines for the very reason you stated; people are lazy. But unfortunately it takes time for that stuff to go into place. Businesses don't move quickly. --- I promise that if the game stinks I will make a topic about how I hate it and you can all laugh at me - Mead on Fallout 76 </quote> ... Copied to Clipboard!
Topic List	Page List: 1