Matt Blaze
Just experienced the most hostile MFA login I've seen in a while, from, naturally, a tax accountant (for a nonprofit I'm an officer of).
You get sent a 20 character mixed case code, which is sent to your phone as a image via MMS, in a font suitable for use in difficult CAPTCHAs. You have 3(!) minutes to receive it and enter it correctly or you have to get a new code.
Accountants seem to have singularly bad client login systems.
Steve's Place
@mattblaze Memories are made of this.
At one company, we needed customers to leave their dial-up modems (I am so old) on overnight for updates. To handle the nasty business of logging in for automatic maintenance, a new concept at the time, I had the honor of inventing a secure-ish login system.
You had to have a key, a small code snippet, to unlock the system, without which the hacker would be left on a peripheral board. Getting to the CPU from there, in that direction, would require hardware knowledge. No hacks ever happened.
In hindsight, it is a good thing that the company did not ask me to design a login system for humans.
Matt Blaze
I'd complain, but I'd undoubtably just get told it's all there for security reasons and also, no one knows who set it up or how to change it.
Steve's Place
binchicken
@steter @mattblaze you've done the obsidian knife part, now smear the blood on the crystal.
look, i didn't build the system, ok? now hurry up, it needs to be fresh to get a good read.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.