Other What's ruining your life right now?

Phone apps can eat my asshole, seriously. Why anyone wants anything on something so easily lost or stolen that goes anywhere near their finances boggles my mind. MFA, sure, but banking apps? Eugh.

One of the banks I'm with here has seven different apps to manage the same account, depending on what you want to do Of which I think three need different passwords. Or a web page that appears to have been built by scanning dot matrix printouts.

The other one has a similar number of apps, a slightly slicker web page, but the English version shows how much attention they actually paid to their applications or web pages. It's so bad I opt for the German version - But since my phone is in English, the app auto-selects the language and has no ability to be changed manually.

The order will be executed if disposition is positive.

That's a common sentence in their world, apparently.

Honestly it's enough to make me want to buy a fire proof safe and store money under my bed :/

 

We had similar difficulties after I first imported my wife from The Netherlands. We had to get her driving licence swapped over to a UK one (which was VERY easy to do) before a bank would even begin to start looking into anything for her. It became easier when the lovely woman who was trying to sort things for her realised that I had been banking with them for years, had a substantial credit card with them (even if it was empty at the time, gods I miss those days), and we were sharing the same address. Once all that went through she was sorted.

 

Laughs in Monzo.

Honestly though, if someone nefarious gets their hands on my phone I am screwed, banking app or no banking app. The amount of private information that can be accessed from a modern smartphone is mind-boggling. There's a reason I was really reluctant to switch back to Android, a platform notorious for its fragmentation and utter lack of security/OS updates and fixes.

In fact you don't even need physical access to my actual phone to do it. All an impostor has to do is fool EE: "Update your address, sir? Sure, you passed security checks, no problem. Oh you lost your phone when you were moving? Let's send a new SIM card to your new address and invalidate the one you lost.". Pretty much any password reset process or two factor authentication is 100% moot when someone can intercept your text messages.

One of my biggest downfalls is the convenience of my Google account. There are only a few sites/services for which it does not have a stored password. I'd love to extricate myself from that dependence, but I don't trust a third-party company to keep my passwords safe - ironically, in that specific context I trust Google more than I do someone like LastPass. And I can't currently buy a Mooltipass because they've suspended sales until the new BLE model is finished.

 

I opened a new bank account (TSB) 2 years ago, did it all online without leaving my chair and had a cheque book and cards delivered within a week.

Before that the last account I opened was 20+ years ago so buggery know what hoops I may have had to jump through.

 

Oh, absolutely, it's why my phone is as sanitized as I can make it while still retaining the required functions - MFA, phone, text, email and, unfortunately, whatsapp.

It's crossed my mind, more than once, to retire this phone to MFA duties and getting one of those Nokia banana phones for the functions I actually require from a phone. What puts me off is needing to then remember to charge the damnable "phone" at home.

I've entertained, more than once, building an android based device that is dumb to all phone queries and runs purely for MFA functionality - But I could never find a way to make it pocket sized enough that I'd consider carrying it as well as a more old fashioned phone.

The closest I could come up with was a media player that was small enough to consider - But the absurd cost of the unit, plus needing to get wise to custom flashing a version of Android.. Bleh.

 

If there was a way to do two-factor authentication without the need for an internet connection (whether a home connection or a cellular connection) it would be good. I know there are lots of options out there such as YubiKey and similar, but there's very little support for them from what I can see. Plus there's always the risk of losing a physical key for which there is no backup (short of a second device stored in a secure location); internet or SMS-based 2FA solves that problem neatly, but then we're back to the same weaknesses.

TBH I think for the vast majority of people a password manager, protected by a good password, and 2FA is probably 'good enough'. If you're careful with personal information and follow good digital security hygiene, then you are unlikely to be specifically targeted if you don't have a public profile. If you are unlucky enough to be specifically targeted then nothing will stop someone who is really dedicated; the best you can do is limit your attack surface ahead of time.

I would just like to get to the point where I am not reliant on handing my passwords over to Someone On The Internet, even if that 'Someone' is someone who exists only to manage passwords.

 

Yeah, I opened a current account with <a major UK bank> last year and it was all done online and the whole thing was completed from start to finish within about 10 days.

 

I knew you might have a few things to say about this subject

Do you use a hardware module to support that? If so, which one do you use? Happy to do some reading into this, if you have any pointers .

 

Wait... I've got four 2FA apps on my phone: Blizzard Authenticator, Microsoft Authenticator, Google Authenticator, and Authy. Five, if you count Steam's app. Both Authy and Google Authenticator implement RFC 6238, and I did not realise that that's an offline thing - I assumed it needed an internet connection...

I guess what I really want then is a smartphone-free implementation. Adoption of Fido U2F/Fido2 looks to be pretty slow, so I don't think that's going to be a solution any time soon. I guess at least if I can move passwords off my Google account into physical hardware then I at least won't have both passwords and 2FA dependent on the same account (reducing your attack surface and all that).

 

I looked into Yubikey and came to much the same conclusion. I could use it for a lot of things, but with banks and some digital distributor platforms locking **** to their own MFA device meaning I'd still need MFA apps on the phone? Yeah it pretty quickly got thrown in the "sod that" pile.

Absolutely, there are more ways into most things than just your password and MFA device (Something my girlfriend doesn't get, given how much paperwork she tries to just throw out with huge amounts of personal information on..) and anyone dedicated enough will get in.

However, I don't believe most people are interesting enough to get someone dedicated to nicking their stuff, but to leave it all on a phone that can be casually lost, and picked up by anyone? Oof. Does not fill me with joy-joy feelings.

See, I like the concept of things like Keepass where it's on you to sync the database to devices you need it on rather than using, for example, BitWarden - But I've been more annoyed by Keepass than perhaps I should have been. I looked into the doodad that @Gareth Halfacree uses, the Mooltipass(?), but the physical device control aspect made my thumbs hurt before I even picked it up.

 

This is what I'm waiting for, the Mooltipass Mini BLE. From what I read on Reddit last night, it looks like they're aiming to get the crowdfunder launched this month. Might be the first one I ever pledge to.

 

HMRC updated the (trade) tariff to reflect changes coming in for the EU VN FTA. Not too bad you think? Yeah, helps when they communicate the change..

Slight (big) issue for any business that sends its own declarations to CHIEF (customs system) when the codes its expecting to receive don't match what you send...

Cue 2,000 declarations all failing and now need to manually amended and re-sent on top of the system changes that actually need to be performed (reclassifying multiple seasons worth of articles and loading whole new sections to the tariff schema (duty rates etc) all within a day.

Oh and to top it all off they reverted the change half way through today only to revert it AGAIN at around 4PM... When you are trying to rapidly update your customs warehouse systems to align with the changes, only to find your test declarations are failing due to the codes changing back its time to start throwing things!

Don't worry though they have a new customs system coming next year.... ****!

 

Lost a monitor at work early in the week, not a big deal, I had a triple monitor setup so can manage on two... totally forget one of the remaining monitors also likes to go for breaks now and then refusing to turn back on... achieved 75% my usual output this week. I’ve flagged it to the IT department who should fix it for next week so next week I’ll play catch-up.

I hadn’t realised how much screen real estate improved my workflow. I love my 34” ultra wide when working at home but i was always after more real estate with my 27” 24” Samsung setup. Switching just squeezed the resolution of both onto one so I was never any further forward... It has got me thinking on how I can Improve my workflow from home setup as well now but options are slim.

49 ultra wide is expensive as hell... not even sure my work laptop is capable of the resolution to run it.

Second 34 - Potentially too wide, I’m aiming to push for a 1.5m desk of which two 34 inches will span 1.6M...

Cheapo mismatched 22/24 - not quite the right resolution, but will do the job

Edit: Oh and I’ve been awake since 2am because my son woke up and is loving life. I feel like complete ****

 

Not really 'ruining', but driving me crazy because I feel like I'm going round in circles today.

Problem: I need to be able to access the internet from an old Power Mac
Solution: Hook it up to the network then.
Problem: The hideously outdated version of Internet Explorer on OS X 10.1 is unusable on today's modern web
Solution: Install TenFourFour browser
Problem: Can't download TenFourFour because browser is unusable
Solution: Transfer via USB
Problem: Filesystem compatibility shenanigans
Solution: Figure out that writing to HFS in Linux needs root
Problem: TenFourFour only supports OS X 10.4 and up
Solution: Install OS X 10.4
Problem: No DVD burner on anything except the Mac, so no easy way to transfer
Solution: Use USB again
Problem: File is too large for compatible filesystems

scratches head, makes cup of tea....

Solution: Mac OS X is *nix-like, yes? Use SCP in a terminal to transfer files then.
Problem: Modern SSH/SCP Linux clients don't support the outdated key exchange methods or ciphers used on OS X 10.1
Solution: Use the Mac to SCP files from the Linux box
Problem: OS X 10.1 doesn't support the key exchange methods and ciphers used in modern Linux systems
Solution: Track down the command-line arcana required in order to use older key exchange methods & ciphers in a modern SSH/SCP client

And that's where I'm at right now, the OS X 10.4 Tiger ISO has just finished transferring to the old Mac via SCP. I get the feeling that actually installing OS X 10.4 will start a whole new round of shenanigans... EDIT: Of course it didn't work, did it? Couldn't unzip because of some... disk... filesystem... stuff... I forget the actual error message... This means I'll have to uncompress the ISO on my Linux machine and transfer the uncompressed ISO... DOUBLE EDIT: OK fine, it's not an ISO, it's a DMG, and it's really not compressed all that much. This should only take another 15 minutes or so then...

At least I learned something today: If you want to piss around with older Macs then the first thing to do is get OS X Tiger installed so you can have a browser that actually works!

 

Nope, too much like hard work...

 

It's in the name after all, the browser is TenFourFour. You'll probably need OS X 10.4.4.