psilocervine
@psilocervine

I remember a while ago, doing some contract work for some fucking bullshit service, I think it was when I was working with a bank, we had a discussion about sms 2fa. While we all agreed that it was the least secure form of 2fa that was actually used, there was one thing I learned then that I've become more and more familiar with as time has gone on

the people who use sms 2fa the most are the people who have the least money

like, aside from 2fa apps being pretty daunting to anyone not particularly tech oriented, people with a bank account will generally always have a cell phone, but that phone might not always have the same capabilities. it's a really bad idea to assume those phones will all have the same capabilities. when I say that, I mean "sometimes people will still be using really cheap flip phones they got with a $50 pay as you go sim card."

I've actually been in this situation myself! when my iphone 5c broke in 2021, I didn't have the money for a new phone. I also used several authenticator apps and had to go through a lengthy process to unbind the authenticator from about 50 accounts because I do actually take online security reasonably seriously. however, that was also when I decided I would just start using sms 2fa whenever possible because I could just take the sim out of my phone and put it into a phone I got at a fuckin' pawn shop for $35

because it turns out you kinda need to have a phone

and for 6 months I was using this rinkydink feature phone because I was saving up the money to get a new (okay, used) iphone 7 because I was kinda locked into the apple ecosystem. aside from not liking android, I had a bunch of stuff that was tied to my phone that I would have to replace, usually stuff that would cost money, meaning any android phone I had would have about $50 slapped on top of its price tag, as well as losing access to all the icloud backup shit I had

but for 6 months I basically had to use a phone where my only option was to use sms 2fa, something I had to fall back on when my iphone 7's screen completely shattered. if I didn't have access to that really shitty phone, I'd have lost access to twitter, my bank account, and numerous other services that I rely on pretty regularly!

this is what being poor is like.

you have to make choices that are fundamentally reliant on things being at least somewhat ephemeral! so yeah, sms 2fa is the worst 2fa option! sure! I agree! but it's also kinda necessary for a lot of people for reasons outside of tech literacy, and the way people are framing its removal on twitter unless you're paying money is fucking gross



in reply to @psilocervine's post:

Yeah, this makes a lot of sense.

I use SMS 2fa a fair bit. I don't really know why; I'm pretty tech literate, and I have enough funds to buy a new phone if this one breaks.

But after reading this, I wonder if my reason is cognitive/energy - whenever I get prompted to set up a 2fa app, I'm always in the middle of something that I can't easily switch from, like setting up an account so I can do something. And as far as I can tell there are different apps required depending on the services, which increases the cognitive load. I know how to access a text message or email. I don't know anything about authentication apps. And in the middle of creating an account isn't a good time to research all that.

Thank you for pointing this out! I use both sms and authentication 2fa apps. Getting locked out of an account because you lost your authenticator sucks so much if you don't have sms 2fa or any backup enabled.

I don't understand the Muskrat's move to put sms 2fa behind a paywall. I just don't.