Groups | Search | Server Info | Login | Register
| From | Sylvia Else <sylvia@email.invalid> |
|---|---|
| Newsgroups | comp.misc |
| Subject | Using SMS for password reset. |
| Date | 2024-01-30 19:22 +1100 |
| Message-ID | <l1rpu5FbrprU1@mid.individual.net> (permalink) |
This is really a rant - venting to release some of the frustration. I'm in the process of selling my house, and I need somewhere secure to hold the proceeds. I decided I'd create a account with a bank I don't otherwise bank with, and interact online with it using a live-DVD on a system that has no storage. So no risk of key loggers or other hacks. I'd remember the strong password, and not have it written down anywhere. Except that the banks insist on having a password reset option, validated using an SMS. This undermines my attempts at ensuring that the account remains secure. I've tried telling banks (and other entities, indeed) that I don't want the ability to reset the password. No go, because such an option is not implemented in their systems. Telcos in Australia have some quite strict rules regarding transfer of mobile phone numbers, but the rules still get broken, and frauds committed thereby. If someone perpetrated a fraud as a consequence of the SMS password reset, I'd have a good case that it was a fraud against the bank, rather than against me, and that it was therefore the bank's loss. Still, I'd rather not have to deal with it. I looked at having a SecurIDĀ® device as 2FA. But guess what? It can be used to reset the password. So I'm tearing my hair out. Why do banks have this huge blind-spot when it comes to resetting passwords? Sylvia.
Back to comp.misc | Previous | Next — Next in thread | Find similar
Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-30 19:22 +1100
Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-01-30 10:39 +0000
Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-30 21:57 +1100
Re: Using SMS for password reset. Bruce Horrocks <07.013@scorecrow.com> - 2024-02-06 23:47 +0000
Re: Using SMS for password reset. "Kerr-Mudd, John" <admin@127.0.0.1> - 2024-02-07 10:31 +0000
Re: Using SMS for password reset. Ian <gay@sfuu.ca> - 2024-02-07 15:03 -0800
Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-01-30 14:33 +0000
Re: Using SMS for password reset. D <nospam@example.net> - 2024-01-30 16:38 +0100
Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 13:39 -0300
Re: Using SMS for password reset. Mike Spencer <mds@bogus.nodomain.nowhere> - 2024-01-30 19:56 -0400
Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-31 17:57 -0300
Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-01-31 11:10 +0000
Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 22:34 +1100
Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-02-01 15:16 +0000
Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-01-31 12:06 +0000
Re: Using SMS for password reset. Dan Purgert <dan@djph.net> - 2024-02-01 15:48 +0000
Re: Using SMS for password reset. Spiros Bousbouras <spibou@gmail.com> - 2024-02-01 17:57 +0000
Re: Using SMS for password reset. Rich <rich@example.invalid> - 2024-01-30 16:39 +0000
Re: Using SMS for password reset. newsmaster@ausics.net - 2024-01-31 07:02 +1000
Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 09:45 +1100
Re: Using SMS for password reset. Rich <rich@example.invalid> - 2024-01-30 23:39 +0000
Re: Using SMS for password reset. Bob Eager <news0009@eager.cx> - 2024-01-31 00:10 +0000
Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 22:30 -0300
Re: Using SMS for password reset. kludge@panix.com (Scott Dorsey) - 2024-01-31 01:41 +0000
Re: Using SMS for password reset. Julieta Shem <jshem@yaxenu.org> - 2024-01-30 23:09 -0300
Re: Using SMS for password reset. D <nospam@example.net> - 2024-01-31 10:58 +0100
Re: Using SMS for password reset. Sylvia Else <sylvia@email.invalid> - 2024-01-31 13:32 +1100
csiph-web