Groups | Search | Server Info | Login | Register

Groups > comp.misc > #23921

Re: Using SMS for password reset.

From Bruce Horrocks <07.013@scorecrow.com>
Newsgroups comp.misc
Subject Re: Using SMS for password reset.
Date 2024-02-06 23:47 +0000
Message-ID <21fdd84d-2c6d-4a18-baa5-6d749e4ea0c4@scorecrow.com> (permalink)
References <l1rpu5FbrprU1@mid.individual.net> <slrnurhkif.2h7.dan@djph.net> <l1s2vuFbs14U1@mid.individual.net>

Show all headers | View raw

On 30/01/2024 10:57, Sylvia Else wrote:
> On 30-Jan-24 9:39 pm, Dan Purgert wrote:
>> On 2024-01-30, Sylvia Else wrote:
>>> This is really a rant - venting to release some of the frustration.
>>>
>>> I'm in the process of selling my house, and I need somewhere secure to
>>> hold the proceeds. I decided I'd create a account with a bank I don't
>>> otherwise bank with, and interact online with it using a live-DVD on a
>>> system that has no storage. So no risk of key loggers or other hacks.
>>> I'd remember the strong password, and not have it written down anywhere.
>>
>> Until you don't remember it, then what?
>>
>> Because let's face it, eventually we all forget the password.
>>
> 
> If I say I won't forget, you've no real reason to doubt me. There are 
> many things that I've remembered for decades.

I don't doubt you, but your ability to remember a password that isn't 
easily guessable and isn't re-used on multiple sites puts you in the top 
0.1% of the population. Banks, however, have to deal with the remaining 
99.9% as well.

> In the event that I really did forget, then I'd have to show up at one 
> of the bank's offices with physical identity documents.

That's the last thing they want people doing. Imagine going into the 
bank to find that there are 15 people ahead of you in the queue, all 
waiting to go through a 5 minute process of showing documents to prove 
their identity to get their password changed.

The banks don't want to pay their staff to change passwords, they want 
to pay them to sell you a new savings account or to take out a loan.

FWIW my bank in the UK gives out a free card reader device, a bit like a 
pocket calculator, for their 2FA system. To use it you insert your bank 
card, enter your card pin, which it validates using the chip in the chip 
& pin card and then displays an 8 digit number to enter into the website.

You use this to log in initially (so no password to remember) and then 
to re-authenticate prior to carrying out any sensitive actions such as 
making a payment or changing personal details.

-- 
Bruce Horrocks
Surrey, England

Back to comp.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-30 19:22 +1100
  Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-01-30 10:39 +0000
    Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-30 21:57 +1100
      Re: Using SMS for password reset. Bruce Horrocks <07.013@scorecrow.com> - 2024-02-06 23:47 +0000
        Re: Using SMS for password reset. "Kerr-Mudd, John" <admin@127.0.0.1> - 2024-02-07 10:31 +0000
        Re: Using SMS for password reset. Ian <gay@sfuu.ca> - 2024-02-07 15:03 -0800
    Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-01-30 14:33 +0000
      Re: Using SMS for password reset. D <nospam@example.net> - 2024-01-30 16:38 +0100
      Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 13:39 -0300
        Re: Using SMS for password reset. Mike Spencer <mds@bogus.nodomain.nowhere> - 2024-01-30 19:56 -0400
          Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-31 17:57 -0300
      Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-01-31 11:10 +0000
        Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 22:34 +1100
          Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-02-01 15:16 +0000
        Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-01-31 12:06 +0000
          Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-02-01 15:48 +0000
            Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-02-01 17:57 +0000
  Re: Using SMS for password reset. Rich <rich@example.invalid> - 2024-01-30 16:39 +0000
  Re: Using SMS for password reset. newsmaster@ausics.net - 2024-01-31 07:02 +1000
  Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 09:45 +1100
    Re: Using SMS for password reset. Rich <rich@example.invalid> - 2024-01-30 23:39 +0000
      Re: Using SMS for password reset. Bob Eager <news0009@eager.cx> - 2024-01-31 00:10 +0000
      Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 22:30 -0300
        Re: Using SMS for password reset. kludge@panix.com (Scott Dorsey) - 2024-01-31 01:41 +0000
          Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 23:09 -0300
            Re: Using SMS for password reset. D <nospam@example.net> - 2024-01-31 10:58 +0100
      Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 13:32 +1100

csiph-web