• someguy@pleroma.someotherguy.xyz
    22 days ago

    @return2ozma @technology
    10 years ago, the Feds wanted backdoors to all of our phones so they could read all of our text messages. Now, the Feds want everyone not to use software that has backdoors so the Chinese cannot read our phones. The Feds don’t want competition.

  • rarbg@lemmy.zip
    21 days ago

    Oh man it sure would be nice if the feds had the power to regulate something like this /s

    • Routhinator@startrek.website
      21 days ago

      The problem for me is that most Canadian Banks give you the choice of SMS or their shitty adware-filled bank app that relies on Google Play Services and won’t implement TOTP so I can use a true MFA app. And I’m done with being forced to accept user policies I don’t agree with to do shit, and most of all done with Google Play Services on my device 😑

      • HellsBelle@sh.itjust.works
        21 days ago

        Adding to this that my Canadian bank just updated their app and it doesn’t work with my older phone. So my only option is to use online services with SMS/call verification.

        It’s such a joy to know that my bank, who made $40.670 billion last year, takes care of every customer equally.

      • sugar_in_your_tea@sh.itjust.works
        21 days ago

        This is the main reason I switched to Fidelity here in the US. It’s a brokerage, but it does basic bank things, like checks, debit card, etc., and they support Symantec VIP, which works w/o Google Play Services. TOTP support really isn’t that hard, I don’t understand why banks are so slow in adopting it…

        • dan@upvote.au
          20 days ago

          In case you weren’t aware, Symantec VIP is just TOTP-OATH in a fancy coat. You can extract the secret and use it with any TOTP app. I use Authenticator Pro (now called Stratum) because it’s open-source and has a watch app.

        • ipkpjersi@lemmy.ml
          21 days ago

          The issue is, banks are only going to do what they’re required to do by law. The government is run by dinosaurs who don’t know what computers are, let alone what TOTP is.

          • sugar_in_your_tea@sh.itjust.works
            21 days ago

            No, they’re only going to do what they’re required to do by their insurance. The law is an option, but if insurance costs go way up if they don’t have proper MFA, they’ll get MFA.

      • john89@lemmy.ca
        20 days ago

        Should be illegal to put ads in something as crucial to day-to-day life as a banking app.

        If it’s not illegal, then everyone is going to do it and we won’t have the “choice” that crapitalists love to tout so much.

        • Routhinator@startrek.website
          19 days ago

          It’s supposed to be illegal for banks to be in “sales” but my wife was working for BMO and they were forcing her to prioritize outbound cold calls and upselling products the customer didn’t need and would clearly be bad for their financials as a Personal Banking Assistant. The conflict of interest was so great it stressed her right the fuck out and she had to take leave and start therapy. Her MS also spiked likely due to the stress levels. She was there to help people, and she made the bank earn loyal customers and they willingly got more products from the bank because she helped them. She was the top performer at the bank if they just let her do the job she was there to do, but instead her boss started ragging on her daily about her cold calling numbers and forcing her to cancel necessary appointments and focus time to deal with customer requests and instead prioritize sales.

          In the end her numbers dropped, her customer satisfaction dropped, and her MS got worse from the stress and she’s now on long term leave, uncertain if she’ll recover her focus and be able to go back to work. Her neurologist has said she cannot go back for now.

          Not sure how that bullshit helped the bank, but I can sure see how it didn’t, and I may be wrong but I think there are laws against it.

          Also worth noting that this change in tactics happened right at the same time BMO took all their “we’re here to help” signage down. Brings so many memories of Google dropping the “don’t be evil”. Everything that came after in both cases was shit.

          EDIT: Oh looks like CBC did an article on this now because it is so prolific. https://www.cbc.ca/news/business/banks-upselling-go-public-1.4023575

    • Telorand@reddthat.com
      22 days ago

      The novelty is the fact that it’s ongoing. They haven’t mitigated the hack. The threat actors are still inside the networks, which is why the government is telling people to switch to E2EE apps.

  • phoneymouse@lemmy.world
    22 days ago

    Thank god, give me my HMAC hash please.

    Nothing more terrifying than losing your phone number these days because of all the accounts tied to it via 2FA.

  • Uriel238 [all pronouns]@lemmy.blahaj.zone
    21 days ago

    Oh it turns out we needed NSA to do its actual fucking job after all rather than holding onto exploits for the surveillance state.

    Now — for the second time — we have an adversarial administration eager to weaponize government departments while Americans are vulnerable. Why? Because America is the good guys and would never abuse its extrajudicial powers (say, by detaining, rendering and torturing Americans with names similar to those of POIs.)

    We could have had twenty-four years of robust communications security developments if NSA didn’t sell the public out like Judas.

  • communism@lemmy.ml
    22 days ago

    I wish Signal stopped using it. I know you can set a Signal PIN but a lot of the non-techy friends I speak to on Signal probably wouldn’t think to, or look through the settings (not that you need to be “techy” to set it, but you know the kind of learned helplessness most people have about tech). At least a prompt for all users to set an account PIN so their account can’t just be stolen by anyone with their SIM card.

      • ChillPill@lemmy.world
        22 days ago

        They abandoned letting you use the Signal app to send and receive SMS. You still need to get a code via SMS to activate your Signal account. I believe this is what they are referring to.

        • communism@lemmy.ml
          21 days ago

          Yep, I was referring to that. You can stick someone else’s SIM in your phone and log into their Signal account if they’ve not set a Signal PIN. You don’t see message history but new messages to that person will go to you.

  • umbrella@lemmy.ml
    21 days ago

    of course it is. forced 2fa BY SMS OF ALL THINGS is one of the stupidest ideas

    • capital@lemmy.world
      21 days ago

      I assume businesses only jumped at the chance to enable SMS 2FA to get their greedy little fingers on our phone numbers.

  • randon31415@lemmy.world
    20 days ago

    Authentication for my work email: Enter 28 character password, receive SMS, enter message, log in

    Authentication for my Battle.net account:

    - Enter email made before 2000 because they don’t let you change email
    - Enter password
    - Get rejected
    - Solve CAPTCHA
    - Try backup passwords, get rejected
    - Request new password
    - Send request to 24 year old email
    - Try to log on to 24 year old email, email is suspicious and sends Authentication request to my newer email
    - Open newer email, Authenticate older email
    - Open old email, Put in code to battle.net
    - Battle.net requests Authenticator code from Battle.net app
    - Open battle.net app (no requests)
    - Try manual code, doesn’t work
    - Realize Battle.net app Authenticator not connected
    - Try to connect Battle.net app Authenticator to account
    - Realize you cannot connect Authenticator without signing in AND signing in requires Authenticator
    - Close Battle.net app
    - Open Blizzard Authenticator
    - Close warning that this app got deprecated in January
    - Enter manual code
    - It works
    - Attempt to change password to password I first attempted
    - Won’t let me use same password
    - Try logging in using that password
    - Still doesn’t work - Solve one more CAPTCHA
    - Change password to backup password and back to original password - have to solve 2 more Captchas
    - Finally works
    - Log in

    • λλλ@programming.dev
      19 days ago

      That just kept going. I feel you, but maybe try a password manager? You open it up, type blizzard and it tells you exactly what password you used. Even better, it can generate really good passwords for you.

      I use Bitwarden.

  • Chaotic Entropy@feddit.uk
    20 days ago

    So many services still don’t even offer 2FA at all. Any service that stores payment information and PII without any 2FA options, let alone a secure one, at this point is a disgrace.