Article <usjdns$2pqvu$1@dont-email.me>

Deutsch English Français Italiano
<usjdns$2pqvu$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: AJL <noemail@none.com>
Newsgroups: comp.mobile.android
Subject: Re: Codes sent by text message
Date: Sat, 9 Mar 2024 21:42:39 -0700
Organization: A noiseless patient Spider
Lines: 51
Message-ID: <usjdns$2pqvu$1@dont-email.me>
References: <ush35k$2791b$1@dont-email.me> <usid1f$2fqif$1@dont-email.me>
 <su6vbkx86o.ln2@Telcontar.valinor> <usj60d$2odtf$1@dont-email.me>
 <usj7ad$2ol88$1@dont-email.me> <6wcsrhfaet8k$.dlg@v.nguard.lh>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 10 Mar 2024 04:42:36 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="3b95f22774ae962e7fcbacf63da0b604";
	logging-data="2943998"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/YY7LVv9Zz1fRKfk8HUFCw"
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
Cancel-Lock: sha1:o7Wc0P7eGbYnCZ/26fK04HxQJjE=
In-Reply-To: <6wcsrhfaet8k$.dlg@v.nguard.lh>
Bytes: 3032

On 3/9/2024 9:05 PM, VanguardLH wrote:
> AJL <noemail@none.com> wrote:

>> I prefer text 2FA because it's immediate. If I didn't request it and
>>  somebody's using my password I want to know right away...

> Lots of sites track you by device.  Some offer you a history to view of
> what devices connected to your account.  If a device not previously
> recorded logs in, they sent you an e-mail alert saying "Was this you?"

Yup. I get those when I'm firing up a new toy.

> If a hacker can easily guess your password to then have 2FA code sent to
> your phone, that bodes ill for you using a weak password.

Agreed. But it's still IMO nice insurance to know immediately if my PW 
(or a site hack?) is used.

> Make the
> password longer, don't use words, and each password should be unique to
> the domain where you login (i.e., never reuse passwords).  Make 'em
> strong.  Make them unique.

I use a formula. That way I can remember most of them without a cheat 
sheet. Something like: $$ + Z + first 3 letters of site + my 1st 
employee number + last 3 letters of site + my 2nd employee number.

BTW I got this email to my fake Gmail account a few months back:
-------------------------------
Verification Code
To verify your account, enter this code in TikTok:

684267

Verification codes expire after 48 hours.

If you didn't request this code, you can ignore this message.

TikTok Support Team

TikTok Help Center: https://support.tiktok.com/

Have a question?
Check out our help center or contact us in the app using Settings > 
Report a Problem.
This is an automatically generated email. Replies to this email address 
aren't monitored.
---------------------------

Interesting part is that I've never had a TikTok account. But I changed 
the fake email account password anyway. Can't be too careful...