Path: csiph.com!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Dan Purgert Newsgroups: comp.misc Subject: Re: Using SMS for password reset. Date: Thu, 1 Feb 2024 15:16:19 -0000 (UTC) Organization: A noiseless patient Spider Lines: 45 Message-ID: References: Injection-Date: Thu, 1 Feb 2024 15:16:19 -0000 (UTC) Injection-Info: dont-email.me; posting-host="a7a2037e3773f14749fe4ec2cced6908"; logging-data="2236081"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+F3BP7tI0zfg4MtkQVRqlwB9ZJ2KT7BsY=" User-Agent: slrn/1.0.3 (Linux) Cancel-Lock: sha1:BXh1v1sIuyqz6d9h9jFTnGpmrYg= Xref: csiph.com comp.misc:23895 On 2024-01-31, Sylvia Else wrote: > On 31-Jan-24 10:10 pm, Dan Purgert wrote: >> On 2024-01-30, Spiros Bousbouras wrote: >>> On Tue, 30 Jan 2024 10:39:28 -0000 (UTC) >>> Dan Purgert wrote: >>>> On 2024-01-30, Sylvia Else wrote: >>>>> This is really a rant - venting to release some of the frustration. >>>>> >>>>> I'm in the process of selling my house, and I need somewhere secure to >>>>> hold the proceeds. I decided I'd create a account with a bank I don't >>>>> otherwise bank with, and interact online with it using a live-DVD on a >>>>> system that has no storage. So no risk of key loggers or other hacks. >>>>> I'd remember the strong password, and not have it written down anywhere. >>>> >>>> Until you don't remember it, then what? >>>> >>>> Because let's face it, eventually we all forget the password. >>> >>> That's a very presumptuous thing to say. I have my own ways of storing and >>> retrieving passwords (which may include just my memory) and I'm confident >>> they are secure and reliable enough. So don't include me in your "we". >> >> So if I was to sit you down at any freshly installed PC of your choice, >> you could log-in to *any* random service to which you have a >> username/password combination *from memory* ? >> >> Because if there is even a single service to which the truthful answer >> (which, admittedly I will never know; because this is Usenet, and you >> can vehemently deny it to your last post) is "well, actually, I'd >> have to use [password-tool-of-choice] for that site"; then you are >> solidly in the group of "people who have forgotten the password". >> >> > Just need to remember the one username and password for site where the > backup copy of the encrypted password database is stored, and the > passphrase to decrypt that database. Not that hard. You might want to re-read what was written. -- |_|O|_| |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860