And god do I hate every second of it. My bank is the worst offender, because they allow me to log in, look at my balances and everything. It is until I decide to transfer funds from savings to checking, do they suddenly decide “WAIT! VERIFY YOUR IDENTITY!”. All the while that I’m logged in!
Trying to call customer support to a car dealership to discuss changing dates on your lease? Welp, be prepared to know your child’s name, your state, your blood sample and all other shit just to reach an agent so you can ask one simple question.
Google sucks balls for this too, obviously. Can’t just simply sign in anymore, nope, gotta go find your phone and tell that, that it’s you trying to log in and then you can go in.
Not to mention the amount of fucking codes we have to enter along the way. This shit piles up, people. We waste minutes to hours, collectively, on doing this shit.
I’m surprised you’re getting downvoted so heavily: Is it really that controversial of an opinion that I want to be able to make the choice between reliable accessibility, efficiency, and hardened security for my personal stuff?
Of course: On a corporate network I have a responsibility to have a very secure account so that I’m not a weak point, I’m not talking about scenarios where my account being breached exposes others that I’m responsible for.
I’m talking about my personal accounts. I may want to choose to have a password and no 2FA, for the simple reason that I may want to be able to access my account from a library computer or internet cafe without having access to any of my devices. That reliable access may be more important to me than having heavier security, and nobody has any business asking me why, because it’s my data that I’m choosing how to protect. However, that’s become pretty much an impossibility by now, with everyone shoving 2FA and whatnot down my throat, regardless of what I want.
If I happen to lose/break my laptop and phone simultaneously, which is not unthinkable given that I carry both on me pretty much every day, I’m pretty much locked out of everything.
It’s interesting that you’re getting downvoted. There’s plenty of evidence that things are getting worse in this field, not the least of it caused by ignorant policymakers who are hellbent on protecting their arse by being seen to be doing something, anything.
Then there’s the ambulance chasers who amplify the fear factor up to eleven just so they can justify their retainers.
Finally, there’s Microsoft who in my opinion shows the whole world, time and again, how not to do security whilst all the while preaching to its victims, uh, customers, what “best practice” looks like, whilst chanting"Do as I say, not as I do".
Security is about education above all else. The vast majority of breaches start by social engineering, getting a target to inadvertently install something or reveal something that gives an attacker a toehold into a system. It might be an unexpected PDF, a clicked link, a weak password, or personal information retrieved from someone who has no business storing your passport and driving licence on a system.
Are you advocating for less security, and identity checks when dealing with your bank?
A bank should not need to store your passport and driving licence after you’ve opened the account.
It should never have to phone you to verify your identity.
It should not use a random mobile phone number to send an SMS request to confirm a credit card transaction.
Each of those things are security theatre and actually make the whole system less secure.
As for 2FA, it should not be SMS based and it should be when you login, not when you transfer funds between your own accounts as the OP mentioned.
On the matter of information security, but also security in general:
- convenient
- effective
- inexpensive
Pick two.
A government issued ID card with a signed certificate on it could do all three pretty well.
Do you really trust a Government to keep your data secure?
How is such a card anything other than a universal identification card, which can then be stored by all and sundry as “proof”, right until one of them gets hacked and your card needs replacing … everywhere.
I think I’ll pass.
Ugh no I hate logging in with my government issued id card and that weird custom certificate that needs to be manually installed. Plus i would need to get up, search for my wallet, take out the card and insert it in the reader
Try to campaign for and get up and running such a nationwide government issued ID system and then tell me how inexpensive it was to do. :P
Some countries already have this.
Most countries already have roads. That doesn’t make them inexpensive, just means the cost was already paid.
Yes, it’s like infrastructure. Roads have running costs as well, you don’t just build them once and are set then.
Most countries have some form of national ID already.
