Jump to content


Photo

Here is good idea for an article

Blame Shifting and Security

  • Please log in to reply
56 replies to this topic

#1 codecreeper

codecreeper

    Champion

  • Atomican
  • 5,020 posts
  • Location:Adelaide, South Australia

Posted 11 August 2015 - 12:08 PM

Why is it so Wrong that users and such have to protect their own accounts from hacking in MMO's and everywhere on the internet now.

 

Why as a deaf person who has no needs for a mobile phone have to go and buy a mobile phone then pay for an access plan to use the mobile phone just to secure a online gaming account. And its getting worse.

 

If i buy a game or open a an account now most times i am asked for a SMS number. Now to me this is blame shifting that companies and Software developers have given up on Security. When i play i do "NOT" own anything associated with the game i just hold the rights to play it. So why should i be blamed for the lack of security on gaming ,banking accounts and in general.

 

It seems no one can see that other side but say just buy a mobile phone ,or my friend is deaf and uses a mobile phone. No this is plain wrong that blame is being shifted on too users. Its these companies who harvested email addresses are to blame and its also their fault for making people use email addresses as login accounts.

 

Its the Software companies and developers that should provide the security ,not place added stress and anxiety on those who cannot use these devices or cannot afford to pay for a device.

 

I know what the response will be already ,just go buy a phone as this what that with hearing will say. But a disabled person with deafness will say something different. I remember one of  the founders of ADAM BBS in Adelaide Stephen White who was Deaf and Dumb told me once always stand up for your rights and never back down.

 

Why is this such a taboo topic? Why is everyone keeps saying email addresses are safe?


Edited by codecreeper, 11 August 2015 - 12:09 PM.

Life is like a Straw , ...... it sucks.

 

 


#2 Xen

Xen

    Overlord

  • Atomican
  • 3,006 posts

Posted 11 August 2015 - 01:53 PM

1) For the same reason you lock your doors... the worlds a nasty place.

 

2) Because it's now expected that everyone has a mobile phone, welcome to 2015.

 

3) It's not blame shifting, its them recognizing that accounts get hacked and adding another layer of security to prevent that.

 

4) Security is everyone's responsibility, there is no blame shifting at all, what do you want them to use instead of an email address that will allow communication?

 

5) Yes they should, security is a complicated subject and in my experience security breaches generally come down to user fault hence forcing you to actually take responsibility and now allowing you to use a password like 1234 for example.

 

6) Yes, just go and buy a phone, unless you're also blind then the SMS function presents no issue for you at all.

 

7) Email addresses are safe, so are home addresses and credit card numbers... the issue is when someone knows them, and even more so if if the code to your house, credit card, email account and game account is "1234".



#3 Rybags

Rybags

    Immortal

  • Super Hero
  • 35,059 posts

Posted 11 August 2015 - 01:55 PM

Just buy a phone.  I resisted/held off on a smartphone for a few years but now wouldn't do without it.

 

Not that I put my life into it or anything like some, or do the Facebook attention-seeking shit but in between playing games, using the 'net on the go, useful apps and the odd bit of personal organisational stuff, actual voice call use would be lucky to account for 1% of the time I spend using it.

 

ed - and of that 99%er stuff, most if not all can be done without audio.

 

PS - what's the point of doing an article, no magazine to put it in?


Edited by Rybags, 11 August 2015 - 01:57 PM.


#4 codecreeper

codecreeper

    Champion

  • Atomican
  • 5,020 posts
  • Location:Adelaide, South Australia

Posted 11 August 2015 - 04:03 PM

 

3) It's not blame shifting, its them recognizing that accounts get hacked and adding another layer of security to prevent that.

 

 

Ok , why make the customer pay for their own security? Does that say the company is inept at handling security ,if so why do they still exist.

 

 

Just buy a phone.  I resisted/held off on a smartphone for a few years but now wouldn't do without it.

 

Why did you need that phone? Why for pay software then have to buy a mobile phone and also the added cost of running the phone.

 

My bank tried to force this on me in 2011 ,with the SMS code system. I was so aggro as they never gave me any options ,so i complained the Human Rights on ground of discrimination as i suffer from deafness. When complaint was laid this Bank was all over with me apologies and even provided me with a token to use. So really why is that Online Games they cannot do the same thing?

 

I paid $27AUD for a token to use with Blizzard Games ,i very rarely login now to WoW and any Blizzard game now. If IP drops and get another IP address i have squint my eyes to see a code ,mostly it takes 2 attempts. When Blizzard where the first ones to institute Email logins ,every other Gaming company followed suit.

 

So why the sudden change to make customers pay for their own security? Why is this subject never discussed. 

 

When i ever i see a site that requires a SMS authentication it causes me so much stress and anxiety that it makes me sick.


Life is like a Straw , ...... it sucks.

 

 


#5 .:Cyb3rGlitch:.

.:Cyb3rGlitch:.

    Hero

  • Mod
  • 21,368 posts

Posted 11 August 2015 - 05:16 PM

How do these companies know that it's you that is logging into the account? If someone steals your password, either through your own incompetence, or malware on your machine, these services have no way to know you from the scammer/hacker. The solution is to have a physical token. This way you need two forms of ID - something you know (your password), and something you have (your token). It's very hard for attackers to get both simultaneously.

 

So why mobiles as the token? Because almost everybody already has them. It costs nothing to receive an SMS. People already have mobiles on their person. It's convenient.

 

As we've discussed previously, you can obtain any phone that has SMS capability. People you know will almost definitely have ancient SMS capable devices lying around, and give them to you for free. Then get a PAYG SIM for a couple of dollars and you're set. It costs next to nothing, and you still have a phone handy for emergencies.

 

None of this process requires your hearing. None of this process requires significant sums of money. This is why it's never discussed.


https://en.wikipedia..._authentication


"We are a way for the cosmos to know itself." - Carl Sagan
"I do not fear death. I had been dead for billions and billions of years before I was born, and had not suffered the slightest inconvenience from it." - Mark Twain
 
An open mind is willing to consider new ideas, while provisionally accepting those backed by empirical evidence, and provisionally rejecting those without.


#6 codecreeper

codecreeper

    Champion

  • Atomican
  • 5,020 posts
  • Location:Adelaide, South Australia

Posted 11 August 2015 - 06:24 PM

How do these companies know that it's you that is logging into the account? If someone steals your password, either through your own incompetence, or malware on your machine, these services have no way to know you from the scammer/hacker. The solution is to have a physical token. This way you need two forms of ID - something you know (your password), and something you have (your token). It's very hard for attackers to get both simultaneously.

 

So why mobiles as the token? Because almost everybody already has them. It costs nothing to receive an SMS. People already have mobiles on their person. It's convenient.

 

As we've discussed previously, you can obtain any phone that has SMS capability. People you know will almost definitely have ancient SMS capable devices lying around, and give them to you for free. Then get a PAYG SIM for a couple of dollars and you're set. It costs next to nothing, and you still have a phone handy for emergencies.

 

None of this process requires your hearing. None of this process requires significant sums of money. This is why it's never discussed.


https://en.wikipedia..._authentication

 

I think the point here is being missed again, Why ? Its obvious you own a Mobile Phone.

 

So why should i pay for the added security? A Game costs what $50-100 , then i need to pay for a Mobile phone and a subscription. Is this even mentioned prior to signing up to play a game. Of course not they know it would scare a certain part of the community away ,which infringes on Discrimination laws.

 

I know all about authentication and what it is. You know Rift by Trion games has the best authentication i have ever seen and it requires no SMS or anything. All it requires is an email message. When your IP changes is sends a code ,which you cut and paste and enter it into a box in the game. After code is verified it unlocks your bags and money so you can spend it. So why cannot other games deploy this type of Authentication.

 

Its the added expense "I" have to pay for which i think is unfair. The ADA in USA specifies discrimination on this topic ,so does the UN Human Rights so why do Gaming Companies still do this.

 

Until you are deaf or have no access to a Mobile phone then you will not understand what i am saying.

 

Its called Discrimination ,no other word can define it. Not Security ,Discrimination.


Life is like a Straw , ...... it sucks.

 

 


#7 .:Cyb3rGlitch:.

.:Cyb3rGlitch:.

    Hero

  • Mod
  • 21,368 posts

Posted 11 August 2015 - 06:37 PM

You need to explain how this process affects you being deaf. I sincerely don't understand where the 2-factor process you've described requires audio feedback. Until then, we're not going to be able to sympathise with your discrimination argument. Requiring a phone is not any more discriminative than requiring an Internet subscription to play online. Both are capable of transmitting audio, both don't require you to hear it.

 

If the game enforces the need for a token, then you could investigate whether this is disclosed anywhere, and whether they have alternative methods. I'd be very surprised if there wasn't an online service that allowed you to receive SMS for free.


"We are a way for the cosmos to know itself." - Carl Sagan
"I do not fear death. I had been dead for billions and billions of years before I was born, and had not suffered the slightest inconvenience from it." - Mark Twain
 
An open mind is willing to consider new ideas, while provisionally accepting those backed by empirical evidence, and provisionally rejecting those without.


#8 codecreeper

codecreeper

    Champion

  • Atomican
  • 5,020 posts
  • Location:Adelaide, South Australia

Posted 11 August 2015 - 07:04 PM

 

Hearing loss exists when there is diminished sensitivity to the sounds normally heard.[8] The terms hearing impairment or hard of hearing are usually reserved for people who have relative insensitivity to sound in the speech frequencies. The severity of a hearing loss is categorized according to the increase in volume above the usual level necessary before the listener can detect it.

Deafness is defined as a degree of loss such that a person is unable to understand speech even in the presence of amplification.[8] In profound deafness, even the loudest sounds produced by an audiometer (an instrument used to measure hearing by producing pure tone sounds through a range of frequencies) may not be detected. In total deafness, no sounds at all, regardless of amplification or method of production, are heard.

 

OK put your Mobile phone away under lock and key along with your normal Landline phone for a month. And then answer this question that i have raised then lets see what sympathy i am talking about.  Lock away all communications by Audio and see how far you get. I dare you. Put Yourself in a deaf persons shoes.

 

Then comeback and answer me.

 

And btw one response you gave was Audio ,the other was silent based.

 

 

A telephone, or phone, is a telecommunications device that permits two or more users to conduct a conversation when they are too far apart to be heard directly. A telephone converts sound, typically and most efficiently the human voice, into electronic signals suitable for transmission via cables or other transmission media over long distances, and replays such signals simultaneously in audible form to its user.


Edited by codecreeper, 11 August 2015 - 07:05 PM.

Life is like a Straw , ...... it sucks.

 

 


#9 .:Cyb3rGlitch:.

.:Cyb3rGlitch:.

    Hero

  • Mod
  • 21,368 posts

Posted 11 August 2015 - 07:09 PM

https://en.wikipedia...Message_Service


  • Xen likes this

"We are a way for the cosmos to know itself." - Carl Sagan
"I do not fear death. I had been dead for billions and billions of years before I was born, and had not suffered the slightest inconvenience from it." - Mark Twain
 
An open mind is willing to consider new ideas, while provisionally accepting those backed by empirical evidence, and provisionally rejecting those without.


#10 Nich...

Nich...

    Professional Tart

  • Mod
  • 43,271 posts
  • Location:Mexico

Posted 11 August 2015 - 09:50 PM

What would you like to happen, instead, codecreeper?  What can I do, as a company, to counter your lack of a strong email and/or game password, or clicking on phishing emails, or not having a means of contacting you to verify you are the actual account holder?  

Why do you need to pay for mobile phone access plans, too, to use 2-step authentication on a mobile device?  What 2-step service do you personally want to use that requires sending an SMS rather than loading an authentication app on that phone?  

Why should you, as the user,  have to pay to receive mail?  You need to take in a letter from a bank or etc with your name and address on it as a proof of ID for many Government agencies.  And yet they force you to pay for a letterbox or, because those are quite insecure, a Post Office  box, just to receive mail?

Why do you think the authentication emailed by Trion for Rift is the best ever?  Is your email address unhackable?
 


"I think it is a sad reflection on our civilization that while we can and do measure the temperature in the atmosphere of Venus we do not know what goes on inside our soufflés" -- Nicholas Kurti

#11 .:Cyb3rGlitch:.

.:Cyb3rGlitch:.

    Hero

  • Mod
  • 21,368 posts

Posted 11 August 2015 - 09:52 PM

Like, 2 seconds of Googling later:

https://winauth.com/


"We are a way for the cosmos to know itself." - Carl Sagan
"I do not fear death. I had been dead for billions and billions of years before I was born, and had not suffered the slightest inconvenience from it." - Mark Twain
 
An open mind is willing to consider new ideas, while provisionally accepting those backed by empirical evidence, and provisionally rejecting those without.


#12 Xen

Xen

    Overlord

  • Atomican
  • 3,006 posts

Posted 12 August 2015 - 09:22 AM

 

 

3) It's not blame shifting, its them recognizing that accounts get hacked and adding another layer of security to prevent that.

 

 

Ok , why make the customer pay for their own security? Does that say the company is inept at handling security ,if so why do they still exist.

 

 

No it says that the company takes security seriously and is adding extra layers of security that you are responsible for.

 

It is not unreasonable to expect that people who use technology such as games to also have a reasonably current mobile device.

 

What are you expecting them todo? Change this just for you?

 

Being hearing impaired does not affect your ability to read an SMS as has already been pointed out, and you don't need credit on a phone to receive texts.

 

This is entirely a non point and just you crying discrimination when there are clear alternatives in place you can use.



#13 codecreeper

codecreeper

    Champion

  • Atomican
  • 5,020 posts
  • Location:Adelaide, South Australia

Posted 12 August 2015 - 09:35 AM

So it seems technology is faulting me as i am deaf. And need to pay for a Mobile Phone to be part of the gaming community now.

 

Great.


Life is like a Straw , ...... it sucks.

 

 


#14 .:Cyb3rGlitch:.

.:Cyb3rGlitch:.

    Hero

  • Mod
  • 21,368 posts

Posted 12 August 2015 - 10:49 AM

No, it seems that you just want to whinge. We already posted free non-audio alternatives in this thread, explained why they're neccissary for security, and bothered to reply at all given this discussion had been had multiple times before.

In response, instead of giving us feedback on these solutions, you mindlessly jump back to your default position regardless of how relevant it is.

We're trying to help you, but you're completely disinterested.

Seek First to Understand, Then to Be Understood.

"We are a way for the cosmos to know itself." - Carl Sagan
"I do not fear death. I had been dead for billions and billions of years before I was born, and had not suffered the slightest inconvenience from it." - Mark Twain
 
An open mind is willing to consider new ideas, while provisionally accepting those backed by empirical evidence, and provisionally rejecting those without.


#15 codecreeper

codecreeper

    Champion

  • Atomican
  • 5,020 posts
  • Location:Adelaide, South Australia

Posted 12 August 2015 - 12:10 PM

I am not whinning or making a noise just to be heard. Its a general concern that SMS is causing me problems.

 

And its probably not only myself feeling the same way.


Edited by codecreeper, 12 August 2015 - 12:42 PM.

Life is like a Straw , ...... it sucks.

 

 


#16 Nich...

Nich...

    Professional Tart

  • Mod
  • 43,271 posts
  • Location:Mexico

Posted 12 August 2015 - 01:11 PM

Nice edit.

 

How is SMS causing you problems?  Why is SMS the only option here?


"I think it is a sad reflection on our civilization that while we can and do measure the temperature in the atmosphere of Venus we do not know what goes on inside our soufflés" -- Nicholas Kurti

#17 fredzfrog

fredzfrog

    Guru

  • Hero
  • 12,597 posts

Posted 16 August 2015 - 07:30 PM

They could use sms a lot... picture messaging, faectime, video call, facebook, twitter, instagram, pretty much every feature except voice call.
just like theres brail versions of most texts, or screen readers on pc for the blind.

According to facebook tho, with the deluge of "share this for luck" "mars will be as big as the moon!" and "this month has 5 fridays saturdays and sundays! it only happens every 815 years!" posts, there is no help for "Stupid"
.

Why as a deaf person who has no needs for a mobile phone have to go and buy a mobile phone then pay for an access plan to use the mobile phone just to secure a online gaming account. And its getting worse.

Increases your chance of love by 75.3%

#18 codecreeper

codecreeper

    Champion

  • Atomican
  • 5,020 posts
  • Location:Adelaide, South Australia

Posted 18 August 2015 - 09:38 AM

https://www.guildwar...t-your-account/

 

I am going to put a list up of sites that are now forcing sms or trying to force this issue.

 

As i find them i will put them up here.


Life is like a Straw , ...... it sucks.

 

 


#19 Xen

Xen

    Overlord

  • Atomican
  • 3,006 posts

Posted 18 August 2015 - 11:39 AM

https://www.guildwar...t-your-account/

 

I am going to put a list up of sites that are now forcing sms or trying to force this issue.

 

As i find them i will put them up here.

 

Thank's its nice to know what sites are taking active measures to protect users accounts.



#20 Nich...

Nich...

    Professional Tart

  • Mod
  • 43,271 posts
  • Location:Mexico

Posted 18 August 2015 - 08:33 PM

A list will be useful as far as compiling lists goes, but you're probably a bit behind the ball of eg https://twofactorauth.org/

 

You may also still need to join the dots together (for some of us) on why you think it's a bad idea and can't make use of it, and why your specific use-case should be respected by big companies engaging in security overhauls to enable 2FA.


"I think it is a sad reflection on our civilization that while we can and do measure the temperature in the atmosphere of Venus we do not know what goes on inside our soufflés" -- Nicholas Kurti




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users