Lubuntu doesn't find the wireless on my Lenovo laptop.

Email verification should pretty much always be required. It's 'double opt-in', meaning you opted to sign up and opted to confirm the subscription/whatever. That prevents a whole lot of spam and gives site owners evidence for when someone later complains and tries to say they didn't sign up for it.

I'm strict with it.

Next, you may want a phone for 2FA - that's two factor authentication. When you login, they send a code to your phone. This means it's most likely you - or someone else has both your password and phone, which means you have bigger problems than signing into a website. Some do a code to email, which is what I prefer for 2FA.

That's just good security.

Security is, who you are, something you have, and something you know... Well, good security is... We don't do much of the 'who you are' online, but you're starting to see it in phones - where you're showing who you are with a fingerprint, which could also be considered something you have but that'd be the phone more or less in that case.

We all clamor about bad security, but we don't really like to implement it.
I have no problem with going through a 2 step verification to set up an account. What I'm tired of and no longer going to do, is have to use a 2 step verification EVERY TIME I login to my account. I also object to ANY verification requiring a cell phone. What about people that don't have a phone? What about families that can only afford ONE phone and another person has it at work when another family member needs to login to his account? The forum that has me ticked right now is that WattOS distro that thinks that using a social disease site named Discord is a good way to host a forum. When I tried to login, it demanded I receive an email with a link to verify my login credentials. Once I did THAT, it demanded I then receive a text message on my cell phone. Now, this isn't a one time, account setup procedure. It is EVERY time I try to login. I know that part of the reason social disease websites don't receive me willingly is because every one of my browsers and every one of my laptops is set to automatically delete EVERYTHING when the browser closes, including any offline crap. That means there are never any cookies left in my browsers and there are a whole bunch of sites that specifically look for that old cookie. eBay is one of the worst offenders.


I have no problem with security. I have a problem with lunacy. eBay's server immediately checks for a cookie when you login. If the cookie isn't there, you have to do at least one, and usually two, Captcha verifications. So, EVERY time I want to login to eBay, I am supposed to jump through hoops to verify my username and password, that I already entered, is who I say I am. I know this to be true because when it first started happening a couple of years ago I went round and round with eBay and they, themselves, told me that was why I am hit with so many verifications. I asked them, and never got a response, if a damned cookie was their definition of computer security.

The bottom line is that the real reason security fails is because the servers for whatever type of site it is aren't truly secure. They are shifting responsibility for security to the users. If any website truly believes that they can make their site servers more secure by shifting responsibility to the users, we're all in trouble. And I'm not kidding a bit when I say that if I have to have a cell phone present to login to an account on my laptop, I will have my account deleted that same day. I will also never own a phone that REQUIRES my thumbprint to use it. It's MY phone. I'll use it the way I want and if I can't then I'll do without a phone. Of course, the shift from REAL computers to so-called smart phones is one of the reasons there are so many breaches of company servers. Whoever thought it was a good idea to make a phone a computer screwed the pooch.


My word choice wasn't very good; it should have been higher chance that your account will be brute-forced or phished.
Let me give you several examples.

1. I once made a temporary Gmail account with a strong random generated password and didn't put two-factor authentication on it and it got hacked at one point since they changed my password.

2. I decided to make a Twitter account to get updates for the sport I follow from the different teams, I didn't put on two-factor authentication. I used a strong randomly generated password. Eventually I couldn't get into my account again because my account had been disabled by Twitter because of having seen suspicious activity on my account. That sure wasn't me.

3. At my work on a regular basis people would get their email accounts compromised, causing their accounts to send loads of spam into the world which then caused our mail servers to get blacklisted on different blacklists for sending spam. After we enforced two-factor authentication on the accounts it hasn't been a problem since. I do have to say that companies are more likely to be targeted for targeted phishing attacks.

4. Important: We did not send an email asking for donations - scam alert (This could have been prevented by having used two-factor authentication on an admin account).

Why do you think two/multi-factor authentication is being promoted by companies and governments?
You're kind of making my argument for me. Remember, I said that I would do nothing related to Google and I have said many times that Facebook, Twitter, Instagram, etc, etc, etc, are what I call social disease sites. No social disease site can EVER be secure. The majority of users on social disease sites use Windows or their silly, little phone. Windows can NEVER be secured and the users of those Windows machines will NEVER understand or care about security. If you believe otherwise, you're going to be in for a long battle.


Google would LIKE for us to believe they use Linux on their servers. That's not exactly true. They run a highly modified, chopped up, halfway hacked, version of Ubuntu. Let's not even get into the whole Borg cluster manager. Not only that, employees at any Google related service are NOT required to use a Linux computer. They are permitted to use ANY operating system they choose, as well as pretty much any type of hardware they choose. Granted, a lot of them do use Linux and good hardware, but those people are NOT the problem. The problem is with those employees that have elected to run Windows on their laptops that they then take home and let their kids use "for homework". So, when somebody tells me I have to jump through a whole bunch of hoops to "supposedly" keep their site secure, I just laugh. Why am I being tagged to try and secure any server like that?

You stated, "At my work on a regular basis people would get their email accounts compromised". How were the accounts compromised? Were the servers hacked? Were just a few employees' accounts hacked? Why was there a breach? If you say it's because they didn't have a 2 step verification, I'd have to doubt that. Do 100% of the employees use NOTHING but Linux? Are the employees permitted to access their business email account from home on their cheap little piece of crap Windows computers? Are those employees permitted to access any and all websites they choose from within the company's network? I'm going to bet that at least two of the questions I just asked can only be answered by saying, "Yes". That is no reason for ME to have to jump through all sorts of hoops to TRY and secure somebody else's servers.

The other thing you might be overlooking is that I merely stated that if I have to resort to all that needless 2 step verification stuff, I'm done. REQUIRE me to use a thumbprint on my cell phone? I'll resort to an old landline. REQUIRE me to use email AND cell phone verification to login? Close my account immediately. REQUIRE me to jump through all those hoops to visit any and all websites on the 'Net? You'll find my laptops in the garbage tomorrow morning.

I'm not saying you have to agree or you have to follow my lead. I'm not trying to convince you to take my side on these matters. I'm only stating that I won't do all that. I've said before, I sat down in front of my first computer in 1976. I'm still screwing with the things today. If something changed overnight and all the things I have stated I won't tolerate suddenly existed, I'd throw every digital device in my home away and never look back. Way back, when IBM made the unofficial announcement that their goal was to put a personal computer in every home, all of us computing professionals working on mainframes said the same thing. We all said that's a disaster waiting to happen. If you don't believe it's a disaster, you didn't live through Y2K. The entire computing industry went nuts. They feared that the PCs running the nation's electrical grid were going to come to a screeching halt and the world would plunge into darkness. Now, fast forward 23 years and take a look at how the electrical grid in this country is being managed. First, they are shutting down coal-fired generating plants left and right. They have nearly completed the connection of every local power grid into one, massive, single, power grid. The entire thing is run by interconnected servers scattered across the country. All it takes is the ability to breach ONE of those servers and the whole nation really could be plunged into darkness. And before anyone makes the comment I hear so often, NO, there is no such thing as a hack proof computer or computer network. Period.
 
You stated, "At my work on a regular basis people would get their email accounts compromised". How were the accounts compromised? Were the servers hacked? Were just a few employees' accounts hacked? Why was there a breach? If you say it's because they didn't have a 2 step verification, I'd have to doubt that. Do 100% of the employees use NOTHING but Linux? Are the employees permitted to access their business email account from home on their cheap little piece of crap Windows computers? Are those employees permitted to access any and all websites they choose from within the company's network? I'm going to bet that at least two of the questions I just asked can only be answered by saying, "Yes". That is no reason for ME to have to jump through all sorts of hoops to TRY and secure somebody else's servers.
It didn't happen on a daily basis but more than enough to know it happened every now and then. People clicking on links in phishing mails and then logging into what they thought was the webmail login of the company. Everything goes through firewalls and proxy servers where suspicious links are blocked. It's impossible to constantly block every single phishing website even when automated on proxy servers. You can't expect not to be allowed to use your own computer to access your company mail because a company is not going to give every single person a company laptop if they don't actually need one. Do you know a company that gives every 15,0000 of their employees a company laptop? I don't. It's mostly Windows like how it is in most other companies as well.

Also why certain decisions are taken of how things are done is going towards company politics, technicians advise and then managers end up making a decision and not always one the technicians like or agree with and because of limited funds. It's a lot more complicated than you seem to be making it out to be.

The idea of phishing is to get someone's login credentials. If one-factor authentication is on an account, the people phishing will be able to access the account; if two-factor authentication is enabled on an account, the people phishing won't be able to access the account because of not being able to authenticate with the second factor. Also it's possible to trust a device for 30 days for 2FA/MFA; that way you won't have to use it every single time you log in on a device.

In companies different measures can be taken, but the point here is that security is a journey, not a destination; you as the user are part of that journey because you are using the road to access the company (online, that is). Also because there are different attack vectors that can be used: hardware, the network, the server OS, the application running on the OS, the client OS accessing the application, the client-side application (i.e. browser), the user (social engineering), etc. So every part in the chain towards accessing an application owned by a company is part of the journey to better security. That includes implementing security measures (such as 2FA on accounts) on the client side for the user. At some point passwords won't be secure enough anymore once hardware and software technologies have advanced enough, and something new will have to be invented to securely authenticate and authorize accounts.
 
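The 30-day trusted-device option mentioned in the post above, sketched as an added example that is not part of the thread or any site's real code: a server-signed cookie is issued only after a successful second-factor check, and the login decision then depends on whether that cookie is still present and valid. The key, token format and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, time

SERVER_KEY = b"constructed-demo-key"   # assumption: per-site secret kept server-side
TRUST_SECONDS = 30 * 24 * 3600         # the 30-day trust window from the post

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_device_token(user, now=None):
    """Cookie value handed out only after the second factor has been verified."""
    issued = time.time() if now is None else now
    payload = f"{user}|{int(issued + TRUST_SECONDS)}".encode()
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)

def device_is_trusted(user, token, now=None):
    """True only for an unexpired, untampered token issued to this user."""
    if not token or token.count(".") != 1:
        return False                   # cookie missing, e.g. cleared on browser close
    try:
        p64, m64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
    except ValueError:
        return False
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False                   # forged or modified cookie
    name, expires = payload.decode().rsplit("|", 1)
    current = time.time() if now is None else now
    return name == user and current < int(expires)

def login_decision(user, password_ok, token, now=None):
    """Password alone is enough only from a device that already passed 2FA."""
    if not password_ok:
        return "deny"
    if device_is_trusted(user, token, now):
        return "allow"
    # Same outcome for a phisher holding only the password and for a browser
    # that deleted its cookies: neither can present a valid device token.
    return "second_factor_required"
```

With this design a browser that wipes cookies on exit never keeps the token, so the server cannot tell it apart from a new device and asks for the second factor on every login.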
I'll just reply this one, last time. You once again made my argument for me. Saying that it has to be the user's responsibility to help secure the site is, in fact, passing the responsibility to the user and not the server/site. I have had one email account since sometime in 1999 and it has NEVER been hacked. I have NEVER been required to perform any type of additional verification. The difference between the account I have and what the bulk of all computer users have is that I pay for my account. I have NEVER used a freebie account, not even the free account the Internet Service Providers handed out. There isn't a free email service in existence that can come close to my mail service's record. The big difference is in the mentality of all the people that think Gmail, and other similar freebie accounts, are wonderful email services because THEY ARE FREE. Then they use their company's email servers to forward the jokes they got from cousin Bob in their freebie account to ALL of their fellow workers. And THAT is why I'm supposed to jump through hoops to login to a forum?


No, thanks. I'll throw this stuff out the door before I submit to that line of twisted thinking.
 
I'll just reply one last time as well. You seem to not understand that security comes in layers because it's bad security to only have security on only one location in the chain. To make a comparison even when it comes to the security of a VIP there's multiple layers. It's not only bodyguards that make up the security of a VIP and the people that want to meet with the VIP have to jump through a hoop as well by being searched for weapons. There are paid options for Gmail and Outlook, although I don't use either since I host my own mail.
 
