Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: AJL Newsgroups: comp.mobile.android Subject: Re: Codes sent by text message Date: Sat, 9 Mar 2024 21:42:39 -0700 Organization: A noiseless patient Spider Lines: 51 Message-ID: References: <6wcsrhfaet8k$.dlg@v.nguard.lh> MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Sun, 10 Mar 2024 04:42:36 -0000 (UTC) Injection-Info: dont-email.me; posting-host="3b95f22774ae962e7fcbacf63da0b604"; logging-data="2943998"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/YY7LVv9Zz1fRKfk8HUFCw" User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 Cancel-Lock: sha1:o7Wc0P7eGbYnCZ/26fK04HxQJjE= In-Reply-To: <6wcsrhfaet8k$.dlg@v.nguard.lh> Bytes: 3032 On 3/9/2024 9:05 PM, VanguardLH wrote: > AJL wrote: >> I prefer text 2FA because it's immediate. If I didn't request it and >> somebody's using my password I want to know right away... > Lots of sites track you by device. Some offer you a history to view of > what devices connected to your account. If a device not previously > recorded logs in, they sent you an e-mail alert saying "Was this you?" Yup. I get those when I'm firing up a new toy. > If a hacker can easily guess your password to then have 2FA code sent to > your phone, that bodes ill for you using a weak password. Agreed. But it's still IMO nice insurance to know immediately if my PW (or a site hack?) is used. > Make the > password longer, don't use words, and each password should be unique to > the domain where you login (i.e., never reuse passwords). Make 'em > strong. Make them unique. I use a formula. That way I can remember most of them without a cheat sheet. Something like: $$ + Z + first 3 letters of site + my 1st employee number + last 3 letters of site + my 2nd employee number. BTW I got this email to my fake Gmail account a few months back: ------------------------------- Verification Code To verify your account, enter this code in TikTok: 684267 Verification codes expire after 48 hours. If you didn't request this code, you can ignore this message. TikTok Support Team TikTok Help Center: https://support.tiktok.com/ Have a question? Check out our help center or contact us in the app using Settings > Report a Problem. This is an automatically generated email. Replies to this email address aren't monitored. --------------------------- Interesting part is that I've never had a TikTok account. But I changed the fake email account password anyway. Can't be too careful...