Two-factor siege
« previous post | next post »
Modern security measures are definitely siege-like. But in my recent experience, gmail classifies returned security codes as spam about half the time — I'm not sure how to work that into the joke.
Wednesday's Pearls Before Swine offers a different analogy:
Chas Belov said,
June 19, 2025 @ 2:59 pm
Then there's the text messages that put the security code up front in the message, which means it shows on many lock screens. Not to mention that text messages can be hijacked to another phone (although it would have to be a targeted attack, since they'd also need the password or to have compromised your email).
Chas Belov said,
June 19, 2025 @ 3:00 pm
I am not a security expert and that was not security advice.
AntC said,
June 19, 2025 @ 7:15 pm
In related news [at about 2:15], Quantum computing is in reach of being able to break RSA encryption, allegedly.
Andrew Usher said,
June 19, 2025 @ 8:17 pm
I'd very much doubt it, as public statements about quantum computing have for years been nothing more than hype be promoters of the technology.In any case, it's not related at all to the absurd security satirised here.
Why are we forced into accepting this two-factor authentication whether we want it or not? True, some situation do involve access to sensitive resources, but most involve nothing sensitive to anyone but oneself, How far must we allow these companies and their maniacal security people to control us? This is just more runaway bureaucracy.
And of course security people, those whose profession relies on promoting 'security' measures, are going to do so. Even if they were not biased by that they can only see one side, the possibie security hazards, and not the other, the cost in time and inconvenience for everyone that may, accumulated together, outweigh any possible risk.
k_over_hbarc at yahoo.com
Rick Bryan said,
June 19, 2025 @ 11:14 pm
Follow the money. Every Evil Empire can lower costs by offloading the inconvenience to the user, and, where possible, the risk, too. And of course the users bear the costs of Security Theater. (Sorry, no language interest here.)
Phillip Helbig said,
June 20, 2025 @ 1:03 am
Somewhat related: traditional automatic email forwarding has essentially stopped working due to over-zealous (and sometimes wrongly implemented) security measures involving SPF. Move to a new job? Automatically forward email to your old address to your new one. Set up a mail address such that email sent to it will go to several addresses (e.g. members of some group). Temporarily forward email to another account. In many cases the people involved are essentially forced to be over-zealous and/or configure things wrongly because if they don‘t Gmail will refuse email from them, and Google is apparently too big to be avoided. Their motto used to be do no evil. That isn‘t the first time something like this has happened.
Philip Taylor said,
June 20, 2025 @ 3:36 am
Although I have rarely found my views align with those of Andrew Usher, his final two paragraphs above resonated very strongly with me, and for once I find myself in complete agreement with him. As regard quantum computer, however, I am not sure that I share his scepticism — well worth listening (if you can) to the BBC's "Inside Science" programme of 02-Feb-2017 starting at 07:50. I also seem to recall that next week's "Inside Science" will cover quantum computing as well, but I can find no evidence to support this.
Richard Hershberger said,
June 20, 2025 @ 5:39 am
I work in a law office. I have more than once received documents via email, usually from an insurance company, that were so locked down as to be utterly impenetrable. I respond by complimenting how secure their system is, and asking for the documents in a less secure format. This usually means they fax them over. I have never received a response of surprise at the situation.
Chris Button said,
June 20, 2025 @ 10:06 am
"Q-day" is coming … (or so they say)
Hopefully it will end up as harmless as the "millennium bug" (y2k scare)
Chas Belov said,
June 20, 2025 @ 2:00 pm
@Richard Hershberger: It's interesting how faxing has survived as a secure method of transmission (as long as you don't dial the wrong number). That said, my latest multifunction printer does not have a fax function, so I need to keep my old ink-guzzling printer around, sans ink, just to be able to send faxes for the once or twice a year I need to do so.
Philip Taylor said,
June 20, 2025 @ 4:18 pm
But if you keep it sans ink, Chas, how will you be able to read the replies ?
Chas Belov said,
June 20, 2025 @ 7:22 pm
@Philip Taylor: It's generally a one-way communication. I haven't had the need for anyone to fax me, but if I did, I'd have them fax it to a number with my ISP that I can read without having to print.
Andrew Usher said,
June 22, 2025 @ 7:28 am
But that, of course, loses the security that fax provides, which you just referred to. I don't doubt you don't consider the security benefit important yourself – I wouldn't either. I doubt my ability to do anything to make my communications secure against the kind of adversaries that would be most able to intercept them.