| ▲ | x0x0 5 days ago |
| on security theater: the morons running my garbage company demand not just an email + pass but also security questions in order to log in and... pay your bill. That's the functionality available. Example security question: favorite book. Which is, naturally, case sensitive. Someone wrote this to prevent people from stealing my password and paying my bill. |
|
| ▲ | jerlam 5 days ago | parent | next [-] |
| In the past, every company thought they were the next Facebook and needed to build complex super-scalable architecture because tomorrow a million users would appear out of nowhere and try to log in at the same time. Now everyone thinks they are the next Experian and tomorrow a million hackers are going to attack and steal everyone's private info. |
| |
| ▲ | DaiPlusPlus 5 days ago | parent | next [-] |
| > Now everyone thinks they are the next Experian and tomorrow a million hackers are going to attack and steal everyone's private info. But this is demonstrably the case today... I don't think I've gone a week without hearing about some major data-breach. ...my own org got h4x0red a few months ago: our CEO didn't have 2FA enabled on his God-tier global-admin-rights OIDC/SSO login and somehow, someone found our internal login page, had a snoop around, found our Twilio account keys and sold them off to some spammer who then sent spam texts to our customers (fortunately our (immutable) access logs showed there was no further intrusion, but it was still an incredibly unsettling experience considering how uninteresting and un-sexy my SaaS day-job is). ...so if it can happen to me, a random fellow HN troglodyte, then it can happen to you; or the hospital down the street from my old office[1]. In conclusion: we're doomed. [1] https://therecord.media/seattle-fred-hutch-cancer-center-ran... |
| ▲ | ndriscoll 5 days ago | parent [-] |
| Except in the real world almost every gym I've used just gives you a keychain barcode with your account number and it works fine. You scan in and it checks whether you're current. Maybe shows your picture to a front door attendant on their computer. No complicated cryptography required. A gym requiring an app would be a hard no from me. I don't know why anyone (especially technical) would put up with that. |
| ▲ | kassner 3 days ago | parent [-] |
| > I don't know why anyone (especially technical) would put up with that. Answer from someone who has to put up with that: other gyms are significantly harder to get to (distance) and it's already hard enough to get motivated to go. My options are shitty app or no gym. Not everything is technically perfect and sometimes your only option is to put up with the stupidity of other developers/product managers. |
|
| |
| ▲ | throw10920 5 days ago | parent | prev [-] |
| ...and, of course, all of these companies are just as bad at security as they are at scaling - they don't even have the capacity to understand (organizationally - I'm not anthropomorphizing them) that Experian happened because their servers were breached, not because users' accounts got stolen. It's pathetic. There should be regulation that prevents overly onerous "security" controls on users' accounts. |
|
|
| ▲ | m463 5 days ago | parent | prev | next [-] |
| > garbage company demand not just a email + pass but also security questions Thank goodness they do this, because I use the same email + password with my garbage as with my bitcoin wallet, my brokerage account and my online mistress finder app. |
|
| ▲ | noisy_boy 5 days ago | parent | prev | next [-] |
| My utility company used to include the bill amount in their email which I used to pay using my banking app. But no, where is the fun in that! So they built an app, because what is the utility of a utility company without an app, removed the amount from the email so that I can give my fingertips some much needed workout and open the cursed app just to see the amount. I think the app has a feature to pay as well but being the minor lord of pettiness that I am, I refuse to use that and still pay using my trusty banking app. |
| |
|
| ▲ | maccard 4 days ago | parent | prev | next [-] |
| My supermarket requires email 2FA for grocery delivery and enforces it on basically every login. It means whenever my wife or I are doing the shopping we have to have the account owner there to get the secondary code. I keep meaning to auto-forward all emails from them to me… |
|
| ▲ | stavros 5 days ago | parent | prev | next [-] |
| There has been a spate of Russian hackers recently paying other people's garbage bills; it's becoming an epidemic. The company is right to want to curtail it by asking you for your favourite books, which is the hobbit, not the Hobbit. |
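The case-sensitive "favorite book" check in the top comment, and the "the hobbit, not the Hobbit" joke just above, both describe the same defect: the site compares the raw answer string instead of a canonical form, so a correct answer fails on capitalization or spacing. The block below is an added example written for this thread, not code from any commenter or from the utility's site; the function names `normalize_answer`, `enroll_answer` and `verify_answer` and the sample answers are assumptions. It folds an answer into a canonical form (Unicode NFKC, casefold, punctuation stripped, whitespace collapsed) before hashing it with a salted PBKDF2, and compares in constant time, so the stored value never contains the plaintext answer and "The Hobbit" matches "the hobbit".

```python
import hashlib
import hmac
import os
import re
import unicodedata

# PBKDF2-HMAC-SHA256 work factor; hypothetical but in line with current
# guidance of several hundred thousand iterations for this construction.
ITERATIONS = 600_000


def normalize_answer(answer: str) -> str:
    """Fold a free-text security-question answer into a canonical form.

    "The Hobbit", "the hobbit" and "  THE  HOBBIT " all become "the hobbit",
    so a user is not locked out for capitalization or stray spaces.
    """
    text = unicodedata.normalize("NFKC", answer)  # unify compatibility forms (e.g. full-width letters)
    text = text.casefold()                        # stronger than lower() for non-ASCII letters
    text = re.sub(r"[^\w\s]", "", text)           # drop punctuation such as apostrophes and hyphens
    text = re.sub(r"\s+", " ", text).strip()      # collapse runs of whitespace
    return text


def enroll_answer(answer: str, salt: bytes = b"", iterations: int = ITERATIONS) -> tuple[bytes, bytes]:
    """Return (salt, digest) to store at enrolment; the plaintext answer is never kept."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode("utf-8"), salt, iterations
    )
    return salt, digest


def verify_answer(candidate: str, salt: bytes, stored: bytes, iterations: int = ITERATIONS) -> bool:
    """Recompute the digest for a submitted answer and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(candidate).encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(digest, stored)


if __name__ == "__main__":
    # Constructed sample: the answer given at enrolment and a few later attempts.
    salt, stored = enroll_answer("The Hobbit")
    for attempt in ["the hobbit", "  THE  Hobbit ", "The Lord of the Rings"]:
        print(f"{attempt!r:28} -> {verify_answer(attempt, salt, stored)}")
```

The normalization is applied identically at enrolment and at verification, which is the part the site in the thread evidently skipped; the salted, iterated hash is there so a leaked database of answers is no more useful than a leaked password table.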
|
| ▲ | bapak 4 days ago | parent | prev [-] |
| I bet the password expires every 6 months too. |