Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.mobile.android > #148740 > unrolled thread

We wiill send you a code

Back to article view | Back to comp.mobile.android

Contents

  We wiill send you a code micky <NONONOmisc07@fmguy.com> - 2025-06-09 11:18 -0400
    Re: We wiill send you a code AJL <noemail@none.com> - 2025-06-09 16:56 +0000
    Re: We wiill send you a code "Carlos E.R." <robin_listas@es.invalid> - 2025-06-09 21:12 +0200
      Re: We wiill send you a code micky <NONONOmisc07@fmguy.com> - 2025-06-11 07:03 -0400
        Re: We wiill send you a code AJL <noemail@none.com> - 2025-06-11 16:03 +0000
        Re: We wiill send you a code Arno Welzel <usenet@arnowelzel.de> - 2025-06-13 09:39 +0200
          Re: We wiill send you a code micky <NONONOmisc07@fmguy.com> - 2025-07-01 08:15 -0400
    Re: We wiill send you a code Arno Welzel <usenet@arnowelzel.de> - 2025-06-13 09:38 +0200

#148740 — We wiill send you a code

I'm seeing more and  more webpages that, after entering my userid, want
to send me a code to log in to the page.  For a computer user, this is
just silly, when he could have stored his password so that it pops right
up, without going to read a text or email. And using one's password
always has been the second option

So I'm thinking this change must have come about because of smart
phones, right?? And that implies it's harder to save password in smart
phones than in computers.  Is that so, and why? And why have they not
fixed it?  

[toc] | [next] | [standalone]

#148741

On 6/9/25 8:18 AM, micky wrote:
>I'm seeing more and  more webpages that, after entering my userid, want
>to send me a code to log in to the page.  For a computer user, this is
>just silly, when he could have stored his password so that it pops right
>up, without going to read a text or email. And using one's password
>always has been the second option

My sites give me an option of remembering the device so I only have to do it
 once on the first use. But if you're using someone else's device you won't
 want to do it for security reasons.

>So I'm thinking this change must have come about because of smart
>phones, right?? And that implies it's harder to save password in smart
>phones than in computers.  Is that so, and why? And why have they not
>fixed it?

For non-sensitive sites I let Google remember and insert my passwords.
 Easy-peasy. And if you're a Google paranoid there are several other
 password managers available...   

[toc] | [prev] | [next] | [standalone]

#148742

On 2025-06-09 17:18, micky wrote:
> I'm seeing more and  more webpages that, after entering my userid, want
> to send me a code to log in to the page.  For a computer user, this is
> just silly, when he could have stored his password so that it pops right
> up, without going to read a text or email. And using one's password
> always has been the second option

This is a fashion of 2FA, if i understand your description.


-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]

#148755

In comp.mobile.android, on Mon, 9 Jun 2025 21:12:00 +0200, "Carlos E.R."
<robin_listas@es.invalid> wrote:

>On 2025-06-09 17:18, micky wrote:
>> I'm seeing more and  more webpages that, after entering my userid, want
>> to send me a code to log in to the page.  For a computer user, this is
>> just silly, when he could have stored his password so that it pops right
>> up, without going to read a text or email. And using one's password
>> always has been the second option
>
>This is a fashion of 2FA, if i understand your description.

But why would the person whose account it actually is want to use 2FA,
when he can just click and his saved password will fill the password
field, rather than have them either send a text or email, have to go the
text or email, copy, go back to the webpage, and paste it.   He's knows
it's his account, or if he's logging into someone else's account then he
doens't care that it's not his.  If they let someone just use a password
and he knows the password, why would he not just use the password?  It's
so much simpler and quicker.  

[toc] | [prev] | [next] | [standalone]

#148763

On 6/11/25 4:03 AM, micky wrote:
>In comp.mobile.android, on Mon, 9 Jun 2025 21:12:00 +0200, "Carlos E.R."
><robin_listas@es.invalid> wrote:
>
>>On 2025-06-09 17:18, micky wrote:
>>> I'm seeing more and  more webpages that, after entering my userid, want
>>> to send me a code to log in to the page.  For a computer user, this is
>>> just silly, when he could have stored his password so that it pops right
>>> up, without going to read a text or email. And using one's password
>>> always has been the second option
>>
>>This is a fashion of 2FA, if i understand your description.


>But why would the person whose account it actually is want to use 2FA,

So a PERP knowing your password can't use HIS device to log into YOUR
 account.

>when he can just click and his saved password will fill the password

That's the reason for 2FA: More security for YOUR accounts. A password
 manager provides convenience and some security with better made up 
 passwords but if your password is ripped off at the website, a fancy long
 password won't help much...

>field, rather than have them either send a text or email, have to go the
>text or email, copy, go back to the webpage, and paste it. 

MY accounts only require using 2FA one time per account per device. Once an
 account certifies that the device is mine (and not some perp trying to get
 in using his device), from that point on no more 2FA is required on THAT
 ONE device.

It then depends on the site if a password is still required when using a 2FA
 certified device. For me some sites (like Amazon) no longer even require
 using a password and others (like banks) still do. But no more 2FA.

There may be some high security sites that REQUIRE using 2FA every time but
 I've never seen one. However some sites allow you to set using 2FA every
 time if you want the extra security.

>He's knows
>it's his account, or if he's logging into someone else's account then he
>doens't care that it's not his.  If they let someone just use a password
>and he knows the password, why would he not just use the password?  It's
>so much simpler and quicker.  

So if you're having to use 2FA more than ONCE per account per device, you're
 likely doing something wrong, but don't complain, 2FA is a good thing...

[toc] | [prev] | [next] | [standalone]

#148798

micky, 2025-06-11 13:03:

> In comp.mobile.android, on Mon, 9 Jun 2025 21:12:00 +0200, "Carlos E.R."
> <robin_listas@es.invalid> wrote:
> 
>> On 2025-06-09 17:18, micky wrote:
>>> I'm seeing more and  more webpages that, after entering my userid, want
>>> to send me a code to log in to the page.  For a computer user, this is
>>> just silly, when he could have stored his password so that it pops right
>>> up, without going to read a text or email. And using one's password
>>> always has been the second option
>>
>> This is a fashion of 2FA, if i understand your description.
> 
> But why would the person whose account it actually is want to use 2FA,
> when he can just click and his saved password will fill the password
> field, rather than have them either send a text or email, have to go the
[...]

To make sure, that the account is protected even if someone has stolen
the password. That's the idea of 2FA.

-- 
Arno Welzel
https://arnowelzel.de

[toc] | [prev] | [next] | [standalone]

#149445

In comp.mobile.android, on Fri, 13 Jun 2025 09:39:33 +0200, Arno Welzel
<usenet@arnowelzel.de> wrote:

>micky, 2025-06-11 13:03:
>
>> In comp.mobile.android, on Mon, 9 Jun 2025 21:12:00 +0200, "Carlos E.R."
>> <robin_listas@es.invalid> wrote:
>> 
>>> On 2025-06-09 17:18, micky wrote:
>>>> I'm seeing more and  more webpages that, after entering my userid, want
>>>> to send me a code to log in to the page.  For a computer user, this is
>>>> just silly, when he could have stored his password so that it pops right
>>>> up, without going to read a text or email. And using one's password
>>>> always has been the second option
>>>
>>> This is a fashion of 2FA, if i understand your description.
>> 
>> But why would the person whose account it actually is want to use 2FA,
>> when he can just click and his saved password will fill the password
>> field, rather than have them either send a text or email, have to go the
>[...]
>
>To make sure, that the account is protected even if someone has stolen
>the password. That's the idea of 2FA.

It took me 17 days and more than one read but I get it now. Thank you
both.  

[toc] | [prev] | [next] | [standalone]

#148797

micky, 2025-06-09 17:18:

> I'm seeing more and  more webpages that, after entering my userid, want
> to send me a code to log in to the page.  For a computer user, this is
> just silly, when he could have stored his password so that it pops right
> up, without going to read a text or email. And using one's password
> always has been the second option

This is called "second factor" and became quite common, since passwords
are usually not very secure in the way how many people use them. As long
as you did not switch to Passkey or add a second factor like TOTP, many
websites now use "has access to the given e-mail account" as a
substitute for this - even though this might be compromised as well.

> So I'm thinking this change must have come about because of smart
> phones, right?? And that implies it's harder to save password in smart
> phones than in computers.  Is that so, and why? And why have they not
> fixed it?  

No, it is just because insecure online services exist, where user
account information including passwords or weak password hashes based on
MD5 etc. get stolen. Also using password managers is not that common as
it should be.

-- 
Arno Welzel
https://arnowelzel.de

[toc] | [prev] | [standalone]

Back to top | Article view | comp.mobile.android

csiph-web