Minor things that bother you

[zachary_amaryllis]

When you log onto a website that has 2FA (two factor authentication) and when you get the code on your phone and you start typing it on the computer, only to realize that the designer of the webpage didn't make it so the cursor was ready to go in the text box. So, then you have to go back and look your phone again to remember the code, then click, and type. Annoying. Also, you shouldn't have to click submit. Plenty of webpages are able to tell when you have the requisite about of characters.

In a similar vein - sites that put the digits in separate boxes so you can't copy and paste it.
KDE connect for the phone makes it possible, if the site allows it.

[ZLoth]

I am now doing some corporate banking transactions for my current employer, and the bank uses what I might call a "reverse 2FA" method.  They make use of a third-party app that generates a new random six-digit code every 60 seconds, discarding the previous code.  I had to do a one-time hoop-jumping exercise to register my smartphone and download the app to it, but now when I am logging into the bank's website I pull up the app on my phone to see the current code, and then enter it on the login screen along with my username and password.  I don't know whether this is any more or less secure than other methods, but I don't have to wait for a code or login verification to be pushed to me.

Could be worse. Because of a incident, when you log into our corporate systems, a push is sent to your mobile device where you have to enter a code from your computer screen onto the mobile device to be authenticated on your computer. Also, the company insists on a minimum version of the phone OS system, so if your device is more than two versions old (current and two previous versions), you have to replace it.

Then again, because of security incidents involving improperly stored passwords and leaked account information, not to mention how many people (including my mother) continue to believe in that outdated advice that you should be able to "remember your password" and use the same password on every site instead of utilizing a unique password and utilizing a password manager.... it's a challenge.

[ZLoth]

Just when you thought it couldn't get worse with LastPass, it gets worse. 

From ArsTechnica:

LastPass says employee's home computer was hacked and corporate vault taken
Already smarting from a breach that stole customer vaults, LastPass has more bad news.

Already smarting from a breach that put partially encrypted login data into a threat actor's hands, LastPass on Monday said that the same attacker hacked an employee's home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor "was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity"  from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

FULL ARTICLE HERE

[hbelkins]

Most of my passwords, when possible, are variations on a theme. I try to use similar passwords simply because it's easier. At some point, it becomes impossible to come up with some random password for various sites. Did I use M3t@ll1ca for this site, or M3g@deth, or 1ron M@id3n?

The best password manager is a small notebook in which passwords are written down and then said notebook is kept in a safe location.

My bank's system of 2FA, which isn't really 2FA and comes into play only when a new device is used to log in, is to ask a security question. I prefer that to trying to find a code somewhere and enter it within a specific timeframe.

[roadman65]

Or some use notes on IPhones. However if you lose the phone your screwed or a hacker might know how to bypass your file then he can accesses everything.  Plus your note file or app, uses the same passcode as your phone. If the hacker gets passed your log on code, he can access your notes.

[roadman65]

Oh and Apple is Anal, I had trouble logging on because I forgot my passcode from Apple.  It then asked for a passcode from an email sent to me. Entered that. Then it wanted me to use my phone log on code, which I did.

The SOBs claimed I was not entering my correct log on code which I use constantly each day. Now I got to wait several days as Apple says it can take that long before they'll help me.

All I just want to do is upload Paramount Plus.  Apparently I've been logged out for over a year since I reset my iPad.

[J N Winkler]

I have been locked out of a site I use fairly infrequently for months now because the owners upgraded to two-factor authentication and I still haven't figured out how to navigate it--they want me to download an app.

2FA has long struck me as a way to (1) make data secure by locking legitimate users out of it and (2) punish those who use secure passwords for the sins of those who don't.

[skluth]

Most of my passwords, when possible, are variations on a theme. I try to use similar passwords simply because it's easier. At some point, it becomes impossible to come up with some random password for various sites. Did I use M3t@ll1ca for this site, or M3g@deth, or 1ron M@id3n?

The best password manager is a small notebook in which passwords are written down and then said notebook is kept in a safe location.

My bank's system of 2FA, which isn't really 2FA and comes into play only when a new device is used to log in, is to ask a security question. I prefer that to trying to find a code somewhere and enter it within a specific timeframe.

It's not a notebook but I keep all my passwords in a password-protected Excel file on my desktop. I guess someone could access all my passwords if they hacked my computer and guessed the password, but I'm not losing sleep over it.

[Roadgeekteen]

Most of my passwords, when possible, are variations on a theme. I try to use similar passwords simply because it's easier. At some point, it becomes impossible to come up with some random password for various sites. Did I use M3t@ll1ca for this site, or M3g@deth, or 1ron M@id3n?

The best password manager is a small notebook in which passwords are written down and then said notebook is kept in a safe location.

My bank's system of 2FA, which isn't really 2FA and comes into play only when a new device is used to log in, is to ask a security question. I prefer that to trying to find a code somewhere and enter it within a specific timeframe.

It's not a notebook but I keep all my passwords in a password-protected Excel file on my desktop. I guess someone could access all my passwords if they hacked my computer and guessed the password, but I'm not losing sleep over it.

Same thing with me and my phone. I have fingerprint protected notes on my phone with some of my passwords.

[formulanone]

I have been locked out of a site I use fairly infrequently for months now because the owners upgraded to two-factor authentication and I still haven't figured out how to navigate it--they want me to download an app.

2FA has long struck me as a way to (1) make data secure by locking legitimate users out of it and (2) punish those who use secure passwords for the sins of those who don't.

...and (3) we now have your phone number and/or e-mail for future marketing.

[SSOWorld]

Please change your password.

[1995hoo]

Or some use notes on IPhones. However if you lose the phone your screwed or a hacker might know how to bypass your file then he can accesses everything.  Plus your note file or app, uses the same passcode as your phone. If the hacker gets passed your log on code, he can access your notes.

One other problem with that is that it underscores why the banks' stubborn insistence on using text-message multi-factor authentication is not especially secure. If someone gets into your phone and you have your passwords in an unsecured file, that person can then get into your bank accounts because the text message with the code will come to that same device.

[jeffandnicole]

Or some use notes on IPhones. However if you lose the phone your screwed or a hacker might know how to bypass your file then he can accesses everything.  Plus your note file or app, uses the same passcode as your phone. If the hacker gets passed your log on code, he can access your notes.

One other problem with that is that it underscores why the banks' stubborn insistence on using text-message multi-factor authentication is not especially secure. If someone gets into your phone and you have your passwords in an unsecured file, that person can then get into your bank accounts because the text message with the code will come to that same device.

It's not the 2FA that's the issue here...

[oscar]

Most of my passwords, when possible, are variations on a theme. I try to use similar passwords simply because it's easier. At some point, it becomes impossible to come up with some random password for various sites. Did I use M3t@ll1ca for this site, or M3g@deth, or 1ron M@id3n?

The best password manager is a small notebook in which passwords are written down and then said notebook is kept in a safe location.

I do something similar, using a password-protected WordPerfect file on my desktop with hints of the various passwords I'm using. Even if the file gets hacked (I don't know the strength of WordPerfect password protection), it doesn't supply all the information a hacker would need to log in.

[ZLoth]

Why not use a free-yet-secure password manager like KeePass and ensure that the password file is saved on a shared drive folder such as OneDrive, Google Drive, or Dropbox? I know that the entire contents of KeePass is encrypted with a master password, which is better than a password-encrypted Excel spreadsheet.

[webny99]

For as many posts as I've read, I've maybe touched 1% of the entire forum. Just put the user you don't like into that 99%. Done.

Just FYI, about 1.4% of the posts on the forum are yours, so you've probably "touched"/viewed/read quite a bit more than that!

[jakeroot]

For as many posts as I've read, I've maybe touched 1% of the entire forum. Just put the user you don't like into that 99%. Done.

Just FYI, about 1.4% of the posts on the forum are yours, so you've probably "touched"/viewed/read quite a bit more than that!

Nearly 1.1 million posts and somehow I'm 1.4% of them ... that's eye opening, to be honest.

It seems you are right then, though there are quite a few boards that I never dive into. Maybe something like 50% of the posts here are not ones I've seen then.

[Hobart]

Sorry if this is bumping, but I found another one: Going out of your way to draw special attention to yourself! These are situations where it's like, "look at me! look at how special I am!"

I really don't know why it bothers me; it just seems kind of narcissistic. Maybe it's because of anxiety on my end. The issue I have with this is that the threshold is so low for this that I don't even like it when people hop into a furry group chat and post "It's my birthday!"

[ZLoth]

Just when you thought it couldn't get worse with LastPass, it gets worse. 

From ArsTechnica:

LastPass says employee's home computer was hacked and corporate vault taken
Already smarting from a breach that stole customer vaults, LastPass has more bad news.

Already smarting from a breach that put partially encrypted login data into a threat actor's hands, LastPass on Monday said that the same attacker hacked an employee's home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor "was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity"  from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

FULL ARTICLE HERE

Yeah, about that...

From PC Magazine:

LastPass Employee Could've Prevented Hack With a Software Update
The hacker exploited a vulnerability in the Plex Media Server software that was patched in May 2020. 'The version that addressed this exploit was roughly 75 versions ago,' Plex says.

PCMag has since learned the hacker targeted the Plex Media Server software to load the malware on the LastPass employee's home computer. But interestingly, the exploited flaw was nothing new. According to Plex, the vulnerability is nearly three years old and was patched long ago.

Plex told PCMag the vulnerability is CVE-2020-5741(Opens in a new window), which the company publicly disclosed to users in May 2020. "An attacker who already had admin access to a Plex Media Server could abuse the Camera Upload feature to make the server execute malicious code,"  the company said back then.

FULL ARTICLE HERE

[ZLoth]

So, here is something that bugs me... abandoned office buildings and/or demolished buildings with no new land use...

Here is something that bothers me, and I'll use my "living in California" as examples...

• I lived across the street from a shopping center. In the early 1980s, a San Diego Federal Savings and Loan Association was built in the corner of the shopping center. At the early 1990s, it was bought out by Wells Fargo Bank, and they continued to operate the branch until a year or so later when they shut down the office as it already duplicated the efforts of another branch that was just a mile or so down the street at a major shopping destination. That building sat unused for almost 25 years, and no plans to redevlop the property until the mid 2010s when it was propsed to tear down the building and replace it was a ARCO AM/PM, but neighborhood opposition stopped those plans. The building was finally torn down in early 2021 and replaced with a Starbucks and three other storefronts.
• Crestview Lanes was a decent bowling alley in Fair Oaks, CA. It was constructed in 1964, but was shut down in August,2010, then later torn down sometime between 2012 and 2015. The only thing that remains is a fenced-off parking lot and a field.
• The Peach Tree Mall (aka Feather River Mall) in Linda, CA was severely damaged during the 1986 floods, and was abandoned by the owners. For decades, it was considered an eyesore with the only tenant being a FoodMaxx story. There was an arson in 2021, and the the building was finally torn down at the beginning of 2022.
• Fry's Electronics which went belly-up in February 2021. I'm checking, and the store in North Natomas is all boarded up and fenced off. The one in Plano, TX is just boarded up. At least the one in Roseville, CA is now redeveloped into a used car dealership, but the iconic "train breaking through the wall" entrance is long gone.

And those are the major eyesores that I recall passing by. When I drive through some of the smaller towns, I see the buildings "abandoned in place" and left to rot, it's tenants long gone, yet new construction not even a mile down the road. Why?

[Max Rockatansky]

Nobody wants mid-late 20th century business aesthetics anymore.  That and it's probably cheaper to build new than to bring an older building up to modern code.

[jeffandnicole]

So, here is something that bugs me... abandoned office buildings and/or demolished buildings with no new land use...

Here is something that bothers me, and I'll use my "living in California" as examples...

• I lived across the street from a shopping center. In the early 1980s, a San Diego Federal Savings and Loan Association was built in the corner of the shopping center. At the early 1990s, it was bought out by Wells Fargo Bank, and they continued to operate the branch until a year or so later when they shut down the office as it already duplicated the efforts of another branch that was just a mile or so down the street at a major shopping destination. That building sat unused for almost 25 years, and no plans to redevlop the property until the mid 2010s when it was propsed to tear down the building and replace it was a ARCO AM/PM, but neighborhood opposition stopped those plans. The building was finally torn down in early 2021 and replaced with a Starbucks and three other storefronts.
• Crestview Lanes was a decent bowling alley in Fair Oaks, CA. It was constructed in 1964, but was shut down in August,2010, then later torn down sometime between 2012 and 2015. The only thing that remains is a fenced-off parking lot and a field.
• The Peach Tree Mall (aka Feather River Mall) in Linda, CA was severely damaged during the 1986 floods, and was abandoned by the owners. For decades, it was considered an eyesore with the only tenant being a FoodMaxx story. There was an arson in 2021, and the the building was finally torn down at the beginning of 2022.
• Fry's Electronics which went belly-up in February 2021. I'm checking, and the store in North Natomas is all boarded up and fenced off. The one in Plano, TX is just boarded up. At least the one in Roseville, CA is now redeveloped into a used car dealership, but the iconic "train breaking through the wall" entrance is long gone.

And those are the major eyesores that I recall passing by. When I drive through some of the smaller towns, I see the buildings "abandoned in place" and left to rot, it's tenants long gone, yet new construction not even a mile down the road. Why?

As long as the property owner pays their taxes, there's little that can be done.  Certain hazards may allow the appropriate jurisdictions to push for remediation, but that can take years. A fence to keep out basic trespassers usually satisfies any issues.

A property owner elsewhere has no relationship regarding another property. The government can't say you're not allowed to build until ABC Corp fixes up their property, because that will give ABC Corp even less incentive to fix their property if they can keep others from building by doing nothing.

[jeffandnicole]

To put another way, say you own property and you want to build a house. The government says sorry, you can't build because John Doe owns a house 3 blocks away that he abandoned.  You have nothing to do with that house, and John Doe doesn't want to sell the property, so you're left with worthless land out of your control.

[ZLoth]

Nobody wants mid-late 20th century business aesthetics anymore. That and it's probably cheaper to build new than to bring an older building up to modern code.

With the shape of some of these abandoned buildings and the lack of historical significance, why not tear down the old building? Unless it involves asbestos abatement...

As long as the property owner pays their taxes, there's little that can be done.  Certain hazards may allow the appropriate jurisdictions to push for remediation, but that can take years. A fence to keep out basic trespassers usually satisfies any issues.

This leads me to the headscratcher... aren't you better off having a tenant instead of a empty shell of a building? I find it hard to believe that it would be more fiscally prudent to take a loss on a building by leaving it empty and to rot than it is to have a paying tenant.

[roadman65]

What gets me is that KFC would rather tear down a building and build a newer one in its place than renovate or add on to the previous building. It could be why no one wanted the old building.

Anyway, how is rebuild cheaper than a renovation.?