Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: VanguardLH <V@nguard.LH>
Newsgroups: comp.mobile.android
Subject: Re: Codes sent by text message
Date: Sat, 9 Mar 2024 22:05:05 -0600
Organization: Usenet Elder
Lines: 65
Sender: V@nguard.LH
Message-ID: <6wcsrhfaet8k$.dlg@v.nguard.lh>
References: <ush35k$2791b$1@dont-email.me> <usid1f$2fqif$1@dont-email.me> <su6vbkx86o.ln2@Telcontar.valinor> <usj60d$2odtf$1@dont-email.me> <usj7ad$2ol88$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net ryblxnYqoLNjyaLQspKQAgBq00sb+pfpOUbczgsPSWm1vdi7uR
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:jnn3FYnokOMI/weBOTxtdWZC9Hc= sha256:/YUnC/SQevNXVwQwsKKOOghW7OSGxRMHD5IAHEnaouM=
User-Agent: 40tude_Dialog/2.0.15.41
Bytes: 3784

AJL <noemail@none.com> wrote:

> On 3/9/24 7:30 PM, Newyana2 wrote:
>>"Carlos E.R." <robin_listas@es.invalid> wrote
>>
>>| >    As V said, the simple answer is that they want to spy.
>>|
>>| No, that's not it. Not for a bank.
>>|
>>
>>Of course that's it.
>>
>>| They want to know that you are an actual person with a phone and
>>| contract. They have to trust the company giving those numbers.
>>|
>>
>>   An actual person with a phone contract? So you're saying that
>>having a cellphone is more proof of ID than my drivers license? You've
>>been drinking the kool-aid.
> 
>>   At one point I played with crypto a bit. I had to upload a picture
>>ID (drivers license), as well as giving them my email address and
>>access to my bank account. As I recall I think they sent a voice
>>message code to my landline, which is a lot more security in terms of
>>proof of ID than a cellphone. The lamdline is registered to -- and
>>wired to -- a physical address.
> 
> Wow. That's a lot of info to give an online company for a paranoid guy like
>  you...  8-O
> 
>>
>>   Investing with the US Treasury does not require a cellphone.
>>They send a code via email.
>>
>>  My Tracfone was bought at BestBuy. At no point did I have to
>>enter an ID or open an account. Tracfone officially has no idea
>>who I am. I buy minutes at a drugstore every 3 months. There's
>>no inherent security or proof of ID with cellphones. If I were going
>>to do anything online requiring a cellphone, I'd be using that Tracfone.
>>The problem, as I noted, is that if I lost the cellphone I don't feel
>>confident that I'd be able to get into my account. There's no one
>>minding the store.
>>
>>  I ran into a similar issue with my brotyher who had a stroke. I
>>tried to get his email. Google wouldn't let me. They wanted 2FA.
>>He'd never set up 2FA! Apparently they saw that I was logging in
>>from a different location, on a different device. There was no way
>>around it. One doesn't just call a tech support person at Google.
> 
>>  So it's pure bullshit for them to talk about security and even more
>>BS to talk about confirming who you are. The only credible reason to
>>require 2FA via cellphone is to track you.
> 
> I prefer text 2FA because it's immediate. If I didn't request it and
>  somebody's using my password I want to know right away...

Lots of sites track you by device.  Some offer you a history to view of
what devices connected to your account.  If a device not previously
recorded logs in, they sent you an e-mail alert saying "Was this you?"

If a hacker can easily guess your password to then have 2FA code sent to
your phone, that bodes ill for you using a weak password.  Make the
password longer, don't use words, and each password should be unique to
the domain where you login (i.e., never reuse passwords).  Make 'em
strong.  Make them unique.