On Friday 08 October 2021 at 13:31:08, ael via Dng wrote:
> On Fri, Oct 08, 2021 at 09:28:08AM +1100, terryc wrote:
> > Hello folks
> >
> > Since it is topical:2FA
> >
> > So any recommendations for software and cluebies?
> >
> > For 2FA, all I need is a text message receiver. Others may want the
> > whole headset backend. Any clues/experience?
>
> In UK at least, some providers have an option to do 2FA using a
> landline/SIP 'phone (with a PTSN gateway). Usually they sent a
> automated voice message asking for a number displayed on a webpage
> to be entered on the keypad. Others send the code directly via
> an audio message instead of a text. No smartphone needed.
>
> Pressure the companies to do the same?
In my opinion, all companies should (be able to) offer an alternative means of
authentication, if only for reasons of disability / accessibility, where not
all people are able to use a screen captcha / smartphone / telephone / etc.
For example, in Germany, Deutsche Bank switched a few years ago from using
One-Time Pad Transaction Authentication Numbers to presenting a QR-code style
(it's different, but it's the same idea) image on the screen when you're
performing a transaction, and you either need a smartphone with a camera and
the DB app installed, to read the code and show you the numbers on the
smartphone screen, which you then type into the web page you are doing the
transaction on, or you do the same thing with a specialised device which you
buy from DB for €15 instead of using the smartphone and app.
Neither of these works effectively for a blind user, so there is an (almost
totally un-advertised) alternative where they will send a text message instead
(knowing that blind people can generally manage to receive and read a text
message by one means or another).
It's still not entirely ideal, but it is at least an alternative, but you have
to really ask to find out that it even exists.
Antony.
--
"There is no reason for any individual to have a computer in their home."
- Ken Olsen, President of Digital Equipment Corporation (DEC, later consumed
by Compaq, later merged with HP)
Please reply to the list;
please *don't* CC me.