That’s great when my bank only uses sms for mfa though.
Seriously, bank and credit card companies need to get with the program more than me and my friends.
Steam. The store front I get my video games from. Has 2-factor authentication with a short time rotating code. To secure my Steam account.
My bank uses SMS and “security questions” aka personal trivia questions.
Easy to guess with some social engineering
Or literally anyone who knows you. It’s based on the idea that strangers are the ones who will try to screw you over but everyone knows that it’s people who you know that end up screwing you over in most cases. So security questions are basically useless in all those cases.
While I agree with you, some people answer these questions with deliberately incorrect answers. If my closest friend tried to compromise my bank account with my security questions, he’d get them all wrong (and even he doesn’t know my wrong answers).
Still a bad design, though.
Right? Had a bank account once, where the login password could only have up to 8 characters. And only digits.
Lucky, mine is 6 (yes, right now in 2024)
I just checked my KeePass and turns out I still have the entry in the recycle bin.
It was 5 digits. Admittedly, that was “back in 2012,” but still. For shame, Bank Austria!
The only bank that allowed me to use totp was a credit union. You’d think the rich ass banks could afford to hire a developer to set up good MFA.
Yeah, and just for a few months. TOTP really isn’t that complicated…
That’s a huge part of why I use my brokerage, Fidelity, as my main bank, they support Symantec VIP TOTP. I prefer my regular TOTP solution, but this us miles ahead of literally every other bank I’ve used.
That’s wild
Ok FBI, let me know which ones to use
Are there still apps that arnt encrypted?
Telegram, for all their security claims, is basically not actually encrypted at all.
There are many where the server owners can see the messages, just not anyone else between the sender and receiver.
Threema and Signal are good options that don’t do this.
Signal being an American company is also problematic.
These two are the best balance of security/convenience, however.
You can create and run your own Signal server if you don’t trust Signal.
Interesting. Are the server and client open source? Is a self-hosted server interoperable with the main ones?
Signal is completely open source and auditable by anyone: https://github.com/signalapp
if you were to create your own clone, it would not interoperate with the real one.
server location and legal jurisdiction shouldn’t matter for any truly secure messenger
What do you mean?
if a messenger is truly 0 trust end to end encryption, it doesn’t matter who owns the servers or the legal protections of data because they won’t have any data anyway. that’s why signal is so good, when they get subpoenaed the only information that they actually have is the last connection and message sent unix times or something. still secure regardless of being in the US and being run on centralized Amazon, google, and cloudflare servers.
Then the jurisdiction of software development matters. Don’t want a back door being forced into an update by the FBI.
1/20/25: FBI Orders Americans to Use Unencrypted Messaging Apps
silly question maybe but after researching China a bit for a few days, I’m genuinely curious: I like supporting the LGBTQ cause, which I could see making me want to avoid Trump probing, but from what I researched, China gov is not against LGBTQ. So is there any specific reason I should fear China looking at my stuff?
Is it basically if I have account info in messages they would hack my accounts?https://www.chinafile.com/reporting-opinion/viewpoint/how-crackdown-transformed-lgbtq-activism-china
Looks like they’re cracking down on LGBT
interesting! thanks for sharing!
