Do you use Google or Facebook Logins when prompted for a new website?

If I only want to source info and don’t want to use the site regularly , I get out and find an alternative site.

I couldn’t do the poll as there was no click out and go to another website

1 Like

I usually leave the site. Not that desperate for particular information or service. I used to follow up by letting them know I don’t sign up with google/ Facebook and if there’s not an alternative I won’t return.

2 Likes

This is sadly true, @syncretic. Intelligence services are specifically targeting mobile phones that appear and disappear on the network. However I would hope that this would only be in conjunction with some other information that leads you to being a “person of interest”. There is of course no transparency or oversight on this question.

describing them as an anarchist terrorist cell […] who shunned cell phones in order to avoid detection by authorities

Maybe that’s why they are called “cell phones”. :rofl: However, sacré bleu, such a phone would never be called a cell phone in France. It would be a mobile phone, as is also more Australian.

1 Like

I sign in with Google a lot but not Facebook, Most of my passwords are made, and I use Firefox as well I think I have only about three passwords that I sign in with Google. Plus they are looking at you everywhere, My husband use to make a lovely smooth drop of whiskey, and so I put an add up to sell all the stuff On Facebook then a knock on the door it was two police man they had seen the add, and they wanted to confiscate the glassware my husband had, My husband passed away in November, so I was trying to get a bit off money together to help with bills Anyhow they said the drug dealer love that sort of glassware, So I let them have it and Signed for it as well, and A day latter a friend told me that i was not breaking the law, and they had no right to do that, All I know is I just don’t want drug dealers getting hold off it and making shit that kills our kids and grandchildren, So I let them have it So the point is they are watching everything But i have nothing to hide So I do not care, As I never broken the law in My life.and I am 69 years old.

2 Likes

7 posts were split to a new topic: Do I need a licence to distil alcohol at home?

The reason they are called ‘cell phones’ in some less sophisticated corners of our globe is because they rely upon a cellular network architecture.

I am often annoyed at the differences in English as she is spoke, but it turns out that many of our differences do have a sound historical basis. Aluminum vs. aluminium, for instance, came about because the people originally deciding on the name couldn’t make up their minds. Aluminum was an earlier version of what most of the English-speaking world now calls aluminium.

I hate to break it to you, but you have almost certainly broken laws that you did not even know existed.

2 Likes

Never, ever sign in with anything but an email address. I have my own domain name, so in the vast majority of cases would create a site specific email address and give minimal details. If I have doubts or suspicions about the site I use one of my pre-prepared spam magnet email addresses not tied to my domain.

2 Likes

NO…prefer to overview before keeping…

Nice to see Optus will commence two factor authorisation such as pin no. sent to smart phone. Hard to understand why they hadn’t done it earlier.

2 Likes

It wasn’t done earlier as it wasn’t mandated. The Australian Communications and Media Authority has now mandated all mobile carriers to use two factor verification, the main driver being to prevent fraudulent mobile porting.

2 Likes

The only problem being that it permits SMS - a communications method that is ancient and insecure - as one of those authentication factors.

Here is a link to the ACMA announcement, and one to the relevant Determination. Unfortunately the official version does not provide a decent English language interpreter, so one of my previous links is to a sales-critter’s website.

Poking a little further, it is not at all clear what the Determination means by “account information authenticator”. This term is defined as:

account information authenticator means a process used to establish that the requesting person is the customer, or is the customer’s authorised representative, for the telecommunications service based on the requesting person’s knowledge of a piece of the customer’s account security information.

That is one of the two required factors, the other being:

personal information authenticator means a process used to establish that the requesting person is the customer, or is the customer’s authorised representative, for the telecommunications service based on their knowledge of a piece of the customer’s personal information that is not account security information.

And of course telecoms carriers are expected to interpret this. It is always fun to try to make sense of regulation.

3 Likes

Not the only problem. Another problem is a mobile service that is data only (e.g. not being used in a phone) and hence doesn’t have the interface to receive an SMS (and also doesn’t have the interface or capability to run an authenticator app).

It remains to be seen what is done about that. I think they will accept email as an alternative which, also, for all intents and purposes is insecure.

While SMS is insecure, it is still better than not using a second factor at all.

This is sensible. I do the same. No No No FB, i use YuToob but dont have an account nor any subs. Yes i am honest with banks and important useful sites (Choice) but mostly if I cannot quickly sign in with an alias ID then I will lie. However, using an android phone it appears that i can do little without the knowledge of ggl.

1 Like

I should have mentioned that some password managers allow login details including passwords to be exported into a readable file (such as ascii text files). While this isn’t generally recommended, one can export the file and use a extremely strong encryption program (128+ bit) to save a copy locally (or part of a standard routine backup) in the event the password manager crashes.

Alternatively, if one has a safe or secure storage location, a unencrypted version could be kept (electronic or paper print).

Any kept copies of password manager export data files has risks which one must consider before using this as a form of backup.

Don’t print it while you are in the office. Many business-grade printers now store everything they print on internal hard drives. This is a problem for a lot of businesses that would like to dispose of the printers while keeping their proprietary information to themselves, but also for individuals who use the office printer for personal purposes.

I listen to an IT Security podcast whose host routinely prints out QR codes when enabling two factor authentication on his phone app. Next time he changes phones, he unlocks his cabinet and pulls out the printed codes and rescans them on the new phone - in some cases saving quite a lot of work in reactivating all those existing accounts.

There is a big difference in security risk between online and the physical world. Online attacks can come from any other Internet user, but to get to your printed passwords one needs to physically break into your home and access the storage where those passwords are kept. When weighing up relative risks, unless you work for ASIO or in some other extremely secret squirrel area the physical attacker is more likely to steal your computer and TV than a stack of paper.

If you do work in some secret squirrel job, what are you doing posting in this forum and giving away potentially valuable information about yourself (including the way you write)?

4 Likes

No.

1 Like

No, I avoid using FB or Google logins.

I use:

  1. 6 free email addresses from Firefox. These are for sites that are a bit risky
  2. A few other slightly less disposable email addresses for subscriptions etc.
  3. My 2 main email addresses for anything important for sites that I would generally trust

I also use a password manager and unique passwords for each site.
This has only been a problem once, when I had left both my laptop and phone at home and needed to access some websites from a friend’s phone… the password manager wanted to verify the new device using either email or other 2FA and I didn’t have access to either of these. So I think it’s worth knowing the password for the email address used for the password manager!

3 Likes

The words “10 foot bargepole” spring to mind.

That comment may be a bit terse.

I think what you mean is:

“password manager” - good

online password manager” - not so good - don’t touch with 10 foot bargepole

I would like to add

Accessing anything from someone else’s device carries with it some risk. You must trust the friend and you must trust that the friend’s device has not been compromised by a third party.

1 Like