Don't tell me that a piece of paper is not safer than a smartphone, that automatically uploads everything to the cloud "for your own safety". That's the big BS that you, and so many actually believe.
- - - Updated - - -
Being convenient =/= lazy, but you tell me that being convenient is actually = lazy.
Ok - do this simple test:
1) Take your piece of paper and set it on fire.
2) Now login to your sites.
How's that going for you?
Information Security is about confidentiality, integrity and availability. You're mixing Privacy into this - which is a factor in confidentiality but it's definitely not 100% of the equation - it's just one thing in one branch. Learn a bit about security, ok? Google those three terms.
OK - so let's leave the privacy talk for later... now point out the real security flaws that mobiles + two-factor generators have?
So ok you don't want to talk about Availability. Ok then, I get to pick one bit I don't want to care about. So I don't want to talk about Privacy.
Now that we both have removed one part out of the discussion, let's get back to it, then:
Point out the real security flaws that mobiles + two-factor generators have?
Also - please include some attacks that are currently in the wild (include the CVEs if you can).
Last edited by mmoce1addbf3e1; 2017-12-02 at 10:20 AM.
I personally don't need such thing relating to my passwords. I'm not mobile, neither at my job or private life, and I don't mix up the two things either. I also just have the WoW game only on my PC, I don't need/want anything related to it e.g. on my smartphone, because I don't play when I work. I can separate these things. I live simple.
You can access them remotely on the Internet or other kind of network. While you can't do the same thing with a piece of paper.
Last edited by mmoc9aac36c166; 2017-12-02 at 10:34 AM.
This is just about as absurd as my claim of your house burning down. You need to be more specific.
Please point out how having an app that generates 2-factor authentication numbers on my mobile is insecure (or a password management app)? I'm afraid you're going to have to point to specific attacks. Otherwise I'll keep claiming your house is going to burn down - because both of these are equally stupid arguments.
Last edited by mmoce1addbf3e1; 2017-12-02 at 10:38 AM.
Then I can also make up some other imaginary scenario, where I don't keep these important pieces of papers at my house, or at a place that can burn down.
You ppl have so strong belief in technology, you don't even sense real life anymore. What do you do with all of your technology when a blackout happens for a few days and you are cut off from civilization (yes, ppl live at places where a landslide or a tornado can happen). You just watch the black screen while I read my books.
And ofc I can't mention specific examples, because that's not my job, and I'm not interested at that high level either (I know you want to boil it down to this point, so you can bash me at this spot too). However you can't really say that your data has the same safety on a network connected computer/device, as on a piece of paper which is well hidden at the bottom of my drawer. No Korean hacker has access to it.
To steal the information that is written on the piece of paper, you actually have to break into my home and steal it, while on a network, you can do it from 5000km away. But that's also quite obvious. So which data has more security?
I don't want to bash you about anything. Security is my job and has been for the past 15-20 years. And this trend of "absolute purism or nothing at all" is very harmful.
Yes, disconnecting everything from networks and keeping everything offline is very secure. You can even add fire-proof safe to your house and you'll get rid of the "house burning down" problem. It can't be argued.
But the world doesn't work that way anymore. It hasn't worked that way in the past 30 years and it's going the other way increasingly fast. Props to you for keeping your stoic pose and your simple habits, but surely you see you're not "average joe" in this? For the average joe having a 2-factor app or a password manager on their phone will instantly increase their security posture - by a huge amount.
No technology or science field can thrive if it's governed by absolute purism - same applies to security. Having common sense and a relevant threat model is important. Mobile phones are secure enough for this purpose. The iPhone secure enclave is quite an excellent place to keep your secrets in a modern world.
Can you at least see that?
Last edited by mmoce1addbf3e1; 2017-12-02 at 11:04 AM.
This basically, I literally facepalm when I read that drivel.
Guess what, using two-factor authentication on a potentially insecure device to protect logins is frikkin' shitton better than not using anything at all.
At my workplace two-factor authentication is mandatory for logins and of course remote access. Don't have smartphone? Tough luck, buddy, should not work in high tech. There are no exceptions.
I can see and understand what you are talking about. However as I say consequently again and again, ppl believe too strong in technology and put up all their asses to the public just to let a cock fly into it as easy as possible (to say it vulgar). They are irresponsible and lazy. Meanwhile they rely more and more on technology, they forget that living simple, yet still having access to information is possible, and can also be a layer of security, without any kind of extra technological protection needed.
Companies should teach ppl to be responsible, instead of selling/advertising another security product/software (that can also have flaws and weak spots) to install on their devices. But where would be the business in it? It's all about money and propaganda to make even more profit. While living simple and being a bit more responsible can result in the same level of security, without feeding another company.
I'm talking about simple WoW players that sit down to their computers and play the friggin game after a hard day, not about workplaces. It's not about high-tech security companies that work with sensitive data. It's just simple civilians at their homes... They really don't need such BS, just be a bit more responsible. Life is not necessarily a spy movie.
- - - Updated - - -
I say (and live like) that I don't use/need such softwares that can compromise my sensitive data. I know that software will always have flaws, but I try to keep them as low as possible. Believe it or not, I have a smartphone, yet I don't have mobile internet, because I live a life where I don't need it at the slightest. Wifi is enough for me, thus I don't even communicate on mobile facebook app (or other chat software), so I don't even have that app installed. I also don't listen to music via an internet radio. 2 less software that can have flaws (and are unnecessary for me). Still I have a job, friends, a life.
On my smartphone:
- I call ppl
- I listen to music as mp3
- I use the camera to take pictures
- I use the GPS and an offline map for navigation (that I update via the wifi)
- I rarely browse the news (also on wifi), and check out the weather forecast
- I receive/send SMS sometimes
I simply don't have time/need for more, because I have other ways of entertainment.
I don't believe that ppl with a full time job, a family, some real friends need more from their smartphones. These different chat softwares, social media services are all just distractions and you only have time/need for them if you don't have a real job - because let's admit what changes in my life if I follow a celebrity on Twitter? nothing, it has absolutely no impact on my wage. Also the games just drain your battery needlessly. These things are used mostly by young ppl that need something to twiddle, to play with and in reality, they have absolutely no positive impact on their lives.
I've had an authenticator on my account for years now, but the +4 bag slots is nice, nothing hugely amazing, but still a nice addition.
It's ok - you obviously have built your threat model and you live accordingly.
I'm not going to comment on that - you do what you need to do to keep a security level that is acceptable to you. You defend against threats you see relevant to you. That's fine. But I don't want to talk about you specifically, because you are a special case.
I'm saying the 10'000 foot view looks quite different. In that context most of the threats that are relevant to you, are not relevant to most. People use Facebook and Twitter. They upload things to Dropbox. They play games. They pay bills from their mobile phone and do banking online. And they want convenient, easy access. They share same, bad password between all of the above sites. That's how the world looks at 10'000 feet.
And in that world, it's very harmful to push a purist view, because it actually hinders development and adaptation of security or helpful technology.
So - keep your 40 pages of written passwords, it's OK - you're safe and secure, you don't need anything else.
For the rest - who actually need security - please install authenticator on your mobile. It's secure enough.
Last edited by mmoce1addbf3e1; 2017-12-02 at 12:24 PM.
I already have an authenticator so I'll get it, but I feel 4 really isn't enough. 20 slot bag is like WotLK level, we're way past that now.
lol so many people in here worried about the boogie man watching them and invading their "privacy".....wtf are u people doing that ur so scared of anyone finding out?
Well, without added Security, one can basically "Luck" themselves in your Account, get via Phishing in your Account, or maybe even BruteForce it if you don't pay attention for a time.
With an Authenticator, you need to be Targeted Specifically, or be REALLY stupid.
I still stand with my Point I made in another Thread about this during Blizzcon:
If your Account isn't Secured with an Authenticator, and you get Hacked, they should charge you for the work they do in Restoring your Account.
Because if a person is too Lazy to input ONE time a code, or push a button on their Smartphone, then why should Blizzard bother fixing your Security for free.
You do actually know, that, while it's a bit safer than using a single Email, it's still possible to get that?
Agreed.
Reason why this is Dumb:
Without any form of Authenticator, people need just your Password for your EmailAccount, and can steal your Account. Which in itself is only as Secure as the Provider where your Email is held. (Or they Randomly Phish for information, which happens also)
With an Authenticator, while it's true, that your smartphone may be stolen or Hacked, you still need to:
A: Have the Intent or Knowledge to actually steal a WoW Account from a stolen Phone.
B: Target Specifically a Specific Person to steal/Hack their Smartphone.
The Odds of that are really really really low.