Well, I don't do much work in telephony/VOIP, but cell calls and VOIP calls are effectively the same tech at this point. Might be different networks, but that's irrelevant for MFA, technically speaking.
The issue with MFA these days is more about the ways it gets bypassed. Phone calls and texts are better than no MFA, but they're also not good implementations of MFA. Microsoft, just as the easiest example, is starting to not only enforce MFA, but no longer allow you to use phone numbers for calls/texts.
Phone call: The system doesn't know who's answering the phone. The call itself can also be intercepted in other ways. Google Voice can be accessed from any computer in the world, so it's definitely not unique to you.
SMS messages: These, like phone calls, get intercepted. They don't need to have your phone to do it, only your phone number.
MFA fatigue: You aren't the one attempting to log in, but someone repeatedly tries and your phone keeps going off until you can't take it anymore and you hit the "yes" button just to make it stop. Yes, this actually happens more than anyone realizes.
Best practice is to have an authentication app on a phone. The application, when prompting for MFA, does not ask for a code, but presents a code on the computer screen that you have to provide to your app. This means if someone is attempting to get in to your account you can't blindly hit yes because you don't have the code. It also means the code is not in transit to be intercepted at any point *before* it's already being authenticated against. However, this also isn't how the vast majority of sites are set up to use MFA.
There's also some very technical ways to bypass MFA, but they're not common and hard to pull off. It happens, but it's not a reason to not have MFA at this point. Bad MFA better than none, but companies are starting to block bad MFA too.
That's right. Naked and nerdy. Bask in it.
...reply about MFA weaknesses...
Still doesn't explain why "Call me" works for cell phones but not VoIP phones. Unless more cagey MFAs now recognize VoIP numbers and refuse to use them.
That's right. Naked and nerdy. Bask in it.
...reply about MFA weaknesses...Still doesn't explain why "Call me" works for cell phones but not VoIP phones. Unless more cagey MFAs now recognize VoIP numbers and refuse to use them.
Yes, that's part of what I was implying.
Yes, that's part of what I was implying....reply about MFA weaknesses...Still doesn't explain why "Call me" works for cell phones but not VoIP phones. Unless more cagey MFAs now recognize VoIP numbers and refuse to use them.
Which begs the question: If you're a government site and you knew that by enforcing stricter MFA you were going to lock out 0.5-2.0% of your user base, shouldn't you have had a contingency plan?
The Social Security Administration was awesome: "Hey. In 6 months we're disabling our password management system in favor of either id.me or login.gov. Please set up your account with one of them or you'll get locked out and have to work with one of our service reps."
But I happen to HAVE an Id.me account, and it was Id.me that decided to go to stricter MFA without telling anyone...
| 1 person marked this as a favorite. |
That would require customer service to exist.
Second part of James May vs AI in kitchen. Now James tries to use the same ingredients to make something edible.
Working today. July crunch and all that.
We've been working in full sun (the shade sail posts are now being installed next week) for almost four weeks now including the kitchen install so Crookshanks has reached her limit so I've been staying later and trying to get everything done so we can move on to the next project.
Because I live alone and I don't have any pets I don't use hardly any power during the day (besides the juice keeping everything ready) and I leave my windows open during the day so by the time I get home and take a shower it's already late enough that turning on the AC is pointless.
So my power bill is usually less than half of what it is in the winter.
Because I live alone and I don't have any pets I don't use hardly any power during the day (besides the juice keeping everything ready) and I leave my windows open during the day so by the time I get home and take a shower it's already late enough that turning on the AC is pointless.
So my power bill is usually less than half of what it is in the winter.
Which is funny, because in the Bay Area we don't have air conditioning, so our power bill in the winter can approach $400 because of gas use, whereas our power bill in the summer is typically $30-$40.
The Social Security Administration was awesome: "Hey. In 6 months we're disabling our password management system in favor of either id.me or login.gov. Please set up your account with one of them or you'll get locked out and have to work with one of our service reps."
Except that people get bombarded by "this is the social security administration you have to change your password" scams all the time. To the point that that one triggered spam filters hard.
And then the phone system and website is set up specifically to NEVER send you to a service rep because that costs money, it just sends you in a loop chasing your own tail. The help page leads to several options which leads to other options which "need more help" leads you back to the front page.
please listen to the following options. If you are an argentenian canvas importer press 1.... with none of the options applying and then leading you back to the start menu.
The new york state website is horrific because its 8 websites stuck together and they don't communicate well. You have to reset your password every 4 months, the website lies about what the password requirements are, and getting into the job hunting part of the website and changing your password will tell the other parts of the website your old passwords are wrong and the other parts of the website will tell you that your new password is wrong too.
Because I live alone and I don't have any pets I don't use hardly any power during the day (besides the juice keeping everything ready) and I leave my windows open during the day so by the time I get home and take a shower it's already late enough that turning on the AC is pointless.
So my power bill is usually less than half of what it is in the winter.
Which is funny, because in the Bay Area we don't have air conditioning, so our power bill in the winter can approach $400 because of gas use, whereas our power bill in the summer is typically $30-$40.
my bill is about 55 in the winter and about 25 in the summer.
| 1 person marked this as a favorite. |
Except that people get bombarded by "this is the social security administration you have to change your password" scams all the time. To the point that that one triggered spam filters hard.
That's "funny" in the sense of "strange" -- I've heard of such scams, but in spite of joining AARP and constantly researching retirement I haven't seen any yet, much less been bombarded by them. Different areas, different experiences.
And then the phone system and website is set up specifically to NEVER send you to a service rep because that costs money, it just sends you in a loop chasing your own tail. The help page leads to several options which leads to other options which "need more help" leads you back to the front page.
please listen to the following options. If you are an argentenian canvas importer press 1.... with none of the options applying and then leading you back to the start menu.
Wow... I've never used the SS one, but the DMV one definitely has these features.
The new york state website is horrific because its 8 websites stuck together and they don't communicate well. You have to reset your password every 4 months, the website lies about what the password requirements are, and getting into the job hunting part of the website and changing your password will tell the other parts of the website your old passwords are wrong and the other parts of the website will tell you that your new password is wrong too.
Don't. Get. Me. Started.
(1) If a "password" can't use the entire 94-character printable ASCII set, the person who coded that field should be fired with cause immediately, and it should be part of their permanent record, "Too stupid to parse strings."
(2) If an organization has multiple sites requiring multiple passwords and those password requirements are different, IT management should all be fired with a note on their permanent record, "Can't provide clear requirements to their teams." Yes, I know those sites are uniformly coded by contractors, but management is responsible for writing the requirements and ensuring the final product meets those requirements. Global megacorporation is guilty of this, and yes, I've filed complaints about it.
(3) There are decades of research that forced password changes reduce security in *almost* all situations. The exceptions are people with administrative access to sensitive systems. Who aren't your typical SSA customers.
| 5 people marked this as a favorite. |
I always joked with Former Coworker about steering a patio or wall into a ditch until it exploded. Props to him for actually doing both. Who needs professional dignity, amiright!
| 5 people marked this as a favorite. |
Dubious adult achievement unlocked: school uniform shopping.
Sixth graders at Teensy Valeros's school wear all black and heather grey. I find it demoralizing, but he just said, "Mama! If I get a black jacket for winter, I can cosplay as Prince Corwin in Amber!"
So at least he can find joy in it.
Mama! If I get a black jacket for winter, I can cosplay as Prince Corwin in Amber!"
<3
| 1 person marked this as a favorite. |
I volunteer at the local VA Hospital.
To get my employee badge, I have to go through a background check that includes fingerprinting.A couple weeks ago I got an email about my badge being cancelled, and that I needed to come in and go through the complete vetting process again.
In the email was the link to renew my badge.
Really, VA? An email link that asks for personal identification information for a security clearance?!
I found a solution to that for most places: I forward it to their fraud department.
Global Megacorporation sent me a personalized "cease and desist" email for constantly reporting Global IT messages as "suspected fraud"... *BUT* after a year of it they relented and we no longer get links in emails. I've done it with my bank and my credit card companies, mostly with success.
If you inundate the security department with their own messages and the comment, "Real security-minded companies don't send links in emails," they tend to kind of get the picture...
Except that people get bombarded by "this is the social security administration you have to change your password" scams all the time. To the point that that one triggered spam filters hard.That's "funny" in the sense of "strange" -- I've heard of such scams, but in spite of joining AARP and constantly researching retirement I haven't seen any yet, much less been bombarded by them. Different areas, different experiences.
After all that tirading today I got yet another call offering to assist me with my Medicaid.
So yeah, I don't get password reset calls or emails, but a couple of times a week I get an earnest-sounding person offering to help navigate me through the changes to my Medicaid...
...which I'm not eligible for for another 9 years barring permanent injury.
help navigate me through the changes to my Medicaid...
...which I'm not eligible for for another 9 years barring permanent injury.Which you're probably not ever going to be eligible for because you are well over the assets limits.
Were they offering to help with MediCARE or MedicAID?
This particular call was for MedicAID, but I get calls for both all the time. As you can tell, I'm GenX. My entire life I was told, "Don't plan on Social Security or Medicare because they'll be gone by the time you retire," so if they still exist in a decade it'll be a nice surprise.
EDIT: Oh, my goodness! You made me curious enough to look up Medicaid requirements. Yeah, things would have to go very, very south for us to ever qualify...
| 2 people marked this as a favorite. |
Dubious adult achievement unlocked: school uniform shopping.
Sixth graders at Teensy Valeros's school wear all black and heather grey. I find it demoralizing, but he just said, "Mama! If I get a black jacket for winter, I can cosplay as Prince Corwin in Amber!"
So at least he can find joy in it.
Colors I both like and can visually differentiate! I'm in.
| 2 people marked this as a favorite. |
I volunteer at the local VA Hospital.
To get my employee badge, I have to go through a background check that includes fingerprinting.A couple weeks ago I got an email about my badge being cancelled, and that I needed to come in and go through the complete vetting process again.
In the email was the link to renew my badge.
Really, VA? An email link that asks for personal identification information for a security clearance?!
Yeah. No. Contact your direct supervisor about it, but in my world that gets flagged as a phishing attempt.
Color me astonished. I got an email contact from an actual human being from Id.me over the weekend.
Furthermore, although they provided a link (bad id.me), they also provided the raw address so that paranoid people like me can verify it and then type it in manually. Plus it's only a doc upload of a photo ID, and I use my driver's license because I'm generally unconcerned about a public document being in the public domain.
So:
(1) A human being contacted me.
(2) A human being contacted me over the weekend.
(3) Said human being immediately recognized the issue and provided an accurate step-by-step solution to my problem.
(4) Id.me gave me a raw URL that I could parse and recognize as legitimate (no redirects).
(5) The solution involves uploading an insecure document where it doesn't matter if it enters the public domain.
Not bad, Id.me. Not bad at all.
| 3 people marked this as a favorite. |
And briefly returning to my anti-IPA tirade, yesterday was a quintessential example of why I hate them so: When I drank, I preferred brown or black beers, typically brown ales or stouts. Now that I don't drink, I only use beer for cooking, and once again you almost always use brown ales or lagers in cooking because of their deep, rich flavors. I honestly don't know of a recipe that calls for an IPA, but I'm sure if I Googled I could find something.
So I went to Safeway yesterday to return a carpet cleaner and pick up ingredients for Vincent Price's carbonnade of beef, which requires "one pint of brown ale". In spite of their dedication of an entire 60'+ aisle to beer, there wasn't a single brown ale to be found. The entire left half of the aisle was IPAs. Dozens and dozens of choices of IPAs. In the middle you had Guinness and Modelo Monte Negro as their two concessions to dark beers, plus two hefe weizens. And on the right half was your undrinkable dreck; your Budweisers, Coors, and the like. So, an entire aisle of beer with at least 50 different beers available. And because of the trendiness of IPAs, if you didn't want an IPA or a crap beer, you were S.O.L.
I don't mind if someone claims they like IPAs. I despise that they've become so trendy that it's become a serious quest to find a decent brown beer.
EDIT: I thought of a good analogy: Suppose you didn't like rap when it first came out. Yet every non-top-40 music station in the country switched to an all-rap format. Every record store sold nothing but rap or Top 40 CDs, with one Metallica CD thrown in for "variety". You'd end up with a lot of resentment towards rap, deserved or undeserved, because it had drowned out all other forms of music. I feel that's what IPAs have done: They're so overwhelmingly trendy that you have a heck of a time finding anything else.
Dubious adult achievement unlocked: school uniform shopping.
Sixth graders at Teensy Valeros's school wear all black and heather grey. I find it demoralizing, but he just said, "Mama! If I get a black jacket for winter, I can cosplay as Prince Corwin in Amber!"
So at least he can find joy in it.
| 2 people marked this as a favorite. |
Get off his lawn salt field!
And briefly returning to my anti-IPA tirade, yesterday was a quintessential example of why I hate them so: When I drank, I preferred brown or black beers, typically brown ales or stouts. Now that I don't drink, I only use beer for cooking, and once again you almost always use brown ales or lagers in cooking because of their deep, rich flavors. I honestly don't know of a recipe that calls for an IPA, but I'm sure if I Googled I could find something.
So I went to Safeway yesterday to return a carpet cleaner and pick up ingredients for Vincent Price's carbonnade of beef, which requires "one pint of brown ale". In spite of their dedication of an entire 60'+ aisle to beer, there wasn't a single brown ale to be found. The entire left half of the aisle was IPAs. Dozens and dozens of choices of IPAs. In the middle you had Guinness and Modelo Monte Negro as their two concessions to dark beers, plus two hefe weizens. And on the right half was your undrinkable dreck; your Budweisers, Coors, and the like. So, an entire aisle of beer with at least 50 different beers available. And because of the trendiness of IPAs, if you didn't want an IPA or a crap beer, you were S.O.L.
I don't mind if someone claims they like IPAs. I despise that they've become so trendy that it's become a serious quest to find a decent brown beer.
EDIT: I thought of a good analogy: Suppose you didn't like rap when it first came out. Yet every non-top-40 music station in the country switched to an all-rap format. Every record store sold nothing but rap or Top 40 CDs, with one Metallica CD thrown in for "variety". You'd end up with a lot of resentment towards rap, deserved or undeserved, because it had drowned out all other forms of music. I feel that's what IPAs have done: They're so overwhelmingly trendy that you have a heck of a time finding anything else.
Brown ale is not a fashionable beer, more's the pity. Newcastle Brown is pretty ubiquitous over here - I can only think of a couple of others (Mann's, and Ansbach & Hobsday, which are much more scarce)
| 1 person marked this as a favorite. |
Brown ale is not a fashionable beer, more's the pity. Newcastle Brown is pretty ubiquitous over here
I remember Newcastle Brown being fairly popular among the hipster crowd when I was in college. I definitely drank my fair share of the stuff. It's not bad.
Brown ale is not a fashionable beer, more's the pity. Newcastle Brown is pretty ubiquitous over hereI remember Newcastle Brown being fairly popular among the hipster crowd when I was in college. I definitely drank my fair share of the stuff. It's not bad.
I used to love it, but you can't get it in the US anymore. Lagunitas is bottling something with the same name but not remotely close to the flavor or quality of the original.
Which is a damned shame.
Brown ale is not a fashionable beer, more's the pity. Newcastle Brown is pretty ubiquitous over hereI remember Newcastle Brown being fairly popular among the hipster crowd when I was in college. I definitely drank my fair share of the stuff. It's not bad.I used to love it, but you can't get it in the US anymore. Lagunitas is bottling something with the same name but not remotely close to the flavor or quality of the original.
Which is a damned shame.
Sounds like my 20+ year quest to find decent Guinness in the U.S. When my friend and I first visited England in 1987, we went to a local pub and an older gent overheard us and said, "Oy! Yer 'Merikan, aren't yeh? Lemme buy you a pint o' sometin' proper, 'cause I went to the U.S. a while ago an' everyone treated me grand!"
He bought us a couple pints of Guinness, and they were nirvana. Found it in the U.S. and it was bitter sludge. Yet when I ordered it on tap at The Black Sheep in Ashland, Oregon, it was again fantastic. I asked the owner his secret, and he said that you had to get the Guinness brewed in Ireland, not in Canada where all U.S. Guinness was being brewed.
And that was indeed the case. I wouldn't buy the bottled or canned stuff, but at bars I'd ask where they got their Guinness and found a few places that stocked the Irish stuff. They finally started bringing in Irish Guinness in cans somewhere in the early naughts, but that was just as my alcoholism was kicking in and anything "beer proof" wasn't strong enough for me any more...
My people have made a punch with Guinness for a long time. It always includes a raw egg, cinnamon, nutmeg and a fair amount of sugar and milk. It's given to sickly kids to fatten them up.
I have tried to remake the recipe several times over the years to no avail.
| 2 people marked this as a favorite. |
My people have made a punch with Guinness for a long time. It always includes a raw egg, cinnamon, nutmeg and a fair amount of sugar and milk. It's given to sickly kids to fatten them up.
I have tried to remake the recipe several times over the years to no avail.
My people have made a punch with Guinness for a long time. It always includes a raw egg, cinnamon, nutmeg and a fair amount of sugar and milk. It's given to sickly kids to fatten them up.
I have tried to remake the recipe several times over the years to no avail.
That's similar to mulled ale, though I can't recall any mulled ale recipies with milk in.
That's it - caudle
I can't imagine wanting to taste it, but that is very, very cool.
| 1 person marked this as a favorite. |
There's something viscerally satisfying when you tell the powers-that-be, "Customers will hate this. It's not how people work," the powers-that-be overrule you and insist customers are going to love the "clean, sleek" design of the page...
...and then customers inundate the support pages with, "This isn't how we work! How do we turn this stupid feature off?"
| 2 people marked this as a favorite. |
You mean Microsoft Edge?
"I told you" can be very satisfying indeed.
| 1 person marked this as a favorite. |
Not exactly the sentence I ever thought I'd write... but I'm actually impressed by Taco Bell!!
As I've mentioned, I've given up on food delivery entirely. However, various family members haven't, including Impus Minor, who's discovered Taco Bell delivery. I can't throw stones; when we were in our late teens and early twenties Taco Bell was the go-to, "We're hungry but we don't have any money," place around here.
Long story short, the delivery guy gave him the wrong order. He wasn't complaining; it was more than his order. But, in a moment of Dad Pride, he called to let them know they'd messed up. So, what did they do? They made additional orders and both the person who got shorted and Impus Minor got redeliveries. As Impus Minor put it, "I ordered lunch but got both lunch and dinner!"
It probably cost Taco Bell $25-$30 to do that.
But in terms of customer loyalty and good word of mouth, that was a fantastic investment on their part.
Aaaaand... three days after my, "Coders who can't parse strings properly should be fired and blacklisted," comes this little gem. The TL;DR version is that Meta's (aka Facebook) AI protections can be defeated by putting spaces in your input, because bad string parsing.
A quick analogy (not technically accurate but gets the point across):
"Show Freehold naked" would be blocked, but "S h o w F r e e h o l d n a k e d" wouldn't be and would generate the desired images.
| 1 person marked this as a favorite. |
...and as I've mentioned, I wouldn't mind Global Megacorporation's move to a new security model if their marketing for it wasn't such complete B.S.: "Instead of having to remember a password, which you might forget or which can be stolen, you can use a passkey, which can use unique biometric traits to identify you."
So, um, let's see. To go to work on my computer, my three options are:
(1) Fingerprint recognition. Nope. No company-provided devices have fingerprint readers.
(2) Facial recognition. Well, my laptop does have a camera, but if the miscreants have access to my phone (which they need for the MFA), they have access to pictures of me. And to this day facial recognition software has trouble distinguishing static images from real people.
(3) A PIN. Whose security requirements (at least 6 characters. And that's the only requirement) are massively less secure than our normal passwords (16 digits with at least one number and one non-alphanumeric character).
In short, this implementation is fundamentally making my device less secure by pretty much forcing me to use a PIN (the most convenient of the three options) that doesn't have nearly the security requirements of a password, so I suspect Global Megacorporation will have thousands, if not tens of thousands, of machines whose PINs are 123456.
Don't call something that comes out of the rear end of a bull "pie".
| 2 people marked this as a favorite. |
| 1 person marked this as a favorite. |
A brief political tirade:
So we have a man who:
(a) Refuses to be vaccinated, and
(b) refuses to adjust his behavior in any way, shape, or form, and so continues to go out, socialize, and attend large social gatherings with no protections. (Because of course he doesn't believe in masks nor social distancing either.)
And he keeps impacting those around him negatively, preventing them from going to social events because they are responsible adults and don't feel like spreading disease everywhere they go.
The selfishness is staggering.
Tell us something new.
| 1 person marked this as a favorite. |
It's not that staggering, welcome to the Midwest!
| 2 people marked this as a favorite. |
Hmm, that's an unusual number of what I fervently hope are fingers.