• Hakko (unregistered)

    Frist?

  • Alistair (unregistered)

    The singular of alumni is alumnus (or possibly alumna).

  • ApoY2k (unregistered)

    "Part of it is because until (relatively) recently, a lot of Internet 2FA systems used text messages, and I generally don't like paying for text messages."

    Why would you have to pay for receiving text messages?! WTF?

  • J. (unregistered)

    TRWTF is TFA that can be enabled without confirmation from the required security token.

  • dopefish (unregistered) in reply to ApoY2k

    This actually used to be common practice in the early days of text messaging. SMS messages were sent out-of-band with the rest of normal cellular communications, on the command channel. Therefore, to squeeze that extra buck out of everyone's pocket - er, excuse me, to "cover the operating cost of the limited out-of-band resource" - both the sender and the receiver would have to pay for the message.

  • ApoY2k (unregistered) in reply to dopefish

    Well okay I can understand that. But was F2A even a thing when this was still common practice?!

    I guess it depends on your definition of "until relatively recently" becase in my (albeit with 28 years probably comparatively short) lifetime I have never heard of anyone needing to pay to receive text messages.

  • Pénélope Blossom (github) in reply to ApoY2k

    There's still a number of operators who do this on low-end plans. Like t-mobile, or even the ACA tracfone thingies; each sms received is deducted from the allotted time or money you have on your plan. It's a nightmare for low-budgets, since most spam messages and calls are deducted from it.

    Addendum 2017-02-09 07:57: s/operators/providers/g

  • Remy Porter (google)

    I'd have to add texting to my plan if I wanted to receive messages without paying per-message. Sure, it'd only raise my bill by a few bucks a month, but I use texts so infrequently that it's usually cheaper for me to pay the a la carte rate.

  • PieterB (unregistered)

    That's a big difference between Europe and the US. In Europe the receiver of a text never had to pay, al "costs" were paid for by the sender.

  • ApoY2k (unregistered) in reply to PieterB

    Yeah, that's probably it, and also the reason why I have never heard of this.

  • Nick (unregistered) in reply to ApoY2k

    Paying for receiving text messages is an Americanism left over from the days when mobile phones were assigned a dialling code related to the area they were issued in (I don't know if this is still the case or not). Someone could, for example, think they are calling/texting a local number but the actual mobile phone might be on the other side of the country. As I understand it, the owner of the mobile phone ends up paying the long-distance charges while the original caller pays the local charges.

    Over here in the UK, all mobile phone numbers start 07 so you know who your calling/texting and it doesn't matter where the phone is. Of course that means that calls to a mobile phone next door are more expensive than calls to the landline next door, but then they'll always find a way to squeeze money out of you.

  • Brian Boorman (google) in reply to Nick
    As I understand it, the owner of the mobile phone ends up paying the long-distance charges while the original caller pays the local charges.

    You understand it wrong. Text messages were either included in your plan (X number of messages for Y dollars per month) or you paid per received message (ranged from 10 cents to 25 cents per message depending on carrier). There was no local/long distance rate difference. Now almost all mobile plans include unlimited messaging.

  • bvs23bkv33 (unregistered) in reply to Alistair

    alumna is singular of alumnae, not of alumni

  • Don (unregistered)

    Yep, sounds fun. I've had a critical business project fail because I was told in no uncertain terms that I would be using software that we hadn't tested before, and any questions I asked were met with "we'll hold them accountable". Ok... bear in mind I originally asked for five days including weekend time to do the changes in a structured manner, ensuring minimal outage and impact. The software was meant to be rock-solid, done in a maximum of 18 hours.

    It failed so spectacularly that the business ground to a halt for several days while my team and I ran around practically on fire trying to get things fixed. That "we'll hold them accountable"... yeah, no, sorry I ended up being accountable.

    I get it, you need to discredit me and create a niche for yourself, but... pure underhanded scum behavior right there.

  • Medinoc (nodebb)

    This reminds me of the old adage "Any feature you can't opt out from is a bug."

  • That one guy (unregistered) in reply to Alistair

    Alumnus--male singular Alumna--female singular Alumnae--female plural Alumni--male or gender-neutral/mixed gender plural

  • Burner (unregistered) in reply to ApoY2k

    Wife has a T-Mobile pay as u go that charges ten cents per msg received.

  • Avium (unregistered) in reply to Nick

    When SMS was rolled out over here, the carriers were allowed to charge per message (10-25 cents) to recoup the original cost of the infrastructure. Of course, as with any company, they're not going to voluntarily stop charging for something even though they've long since covered the costs.

    Another thing to note that is different in North America is that local calls are free. We pay a fee for the phone line and that fee covers the cost of local calls.

    For a mobile phone receiving calls, the caller doesn't pay anything (assuming it was a local number) but the receiving mobile may have roaming charges based on where the are and which network they are currently using.

  • Bruce W (unregistered)

    Ah WordPerfect for DOS... I probably still have the function key template in a box in my garage...

  • Oldie (unregistered)

    You are, of course, describing exactly what happened with the U.S. Social Security website.

  • Foo AKA Fooo (unregistered) in reply to Pénélope Blossom

    Seems like the perfect blackmail opportunity. Send me $10 or I'll drain your account with a spam of texts that I can send for free.

  • Randal L. Schwartz (google)

    And don't forget that in the US, for a cellphone to cellphone call, both the caller and the called party pay.

  • kurkosdr (nodebb)

    There is a simple solution to the problem:

    "Get yourself a cheap Nokia feature-phone for the price of a medium-sized PizzaHut and a SIM card, and then give us the phone number so you can receive 2FA texts by next week, or get locked out of your account."

    But noo... you can't just "force" people to do the right thing. You have to bend over backward to their whims and quirks. it's the progressive/tolerant way.

    It's the same reason people are allowed to take ID photos while having their whole face covered by some religion-related piece of cloth (maybe except for the eyes). Never mind this negates the very purpose of having an ID photo... Every whim should be "accommodated" and procedures must be compromised lest someone's feelings(tm) and sensitivities(tm) get offended. You don't want those Liberal Arts professors who run the western world outside your door or saying bad things about you to your boss/superior.

  • David (unregistered)

    kurkosdr, all your whining about progressives aside, you miss the fact that IT works for those professors. The people on the bottom don't get to force people to do the right thing. Yes, you have to bend over backward for the whims and quirks of the people on top, the people who bring in the money. Progressive and tolerant societies are where that's minimized; a good old-school feudalism can have your head chopped off for their slightest whims.

  • Anonymous (unregistered)

    Re: alumn\w+ It's also possible that the definite article is a typo. Maybe the building is named after several people. Like Ray+Maria or Ida+Cecil.

  • Brian Boorman (google) in reply to kurkosdr
    "Get yourself a cheap Nokia feature-phone for the price of a medium-sized PizzaHut and a SIM card, and then give us the phone number so you can receive 2FA texts by next week, or get locked out of your account."

    That's bullshit. If I need a phone in order to do my job, the company provides it and pays for it.

    My company doesn't provide phones nor reimburse employees for calling plans. Because of that I:

    1. ... do not let my employer know my cell phone number. Boss can't call me away from work.
    2. ... do not use my smartphone to access my work email account. I refuse to do so on the grounds that I would have to install a Mobile Device Management (MDM) app that would let them wipe my phone remotely. I don't think so.
    3. ... do not use my phone to install the VPN virtual-token App.
    4. ... made them give me a physical token for VPN access for those times I might need to work remotely (e.g. to stay home with a sick kid)
  • kurkosdr (nodebb) in reply to Brian Boorman

    " My company doesn't provide phones nor reimburse employees for calling plans. "

    Translation:

    "Whaaa! Whaaa! The company won't give me a free phone. Other kids are getting one from their companies and I must have one too. Sure, they pay me thousands of dollars every month and the cost of a phone is lower than my daily commute, but I will not let this come to pass. I won't use the phone I already have."

    I understand not installing the MDM app on a phone that isn't company property, but the other points are ridiculous.

  • kurkosdr (nodebb) in reply to David

    "you miss the fact that IT works for those professors"

    They raised the issue to whoever people are on top of those professors in that conference room, and those people in turn should have had the guts to say to those professors that if you are raking in thousands of dollars as a university professor, you can probably afford to buy a cheap Nokia feature-phone and a prepaid SIM on order to receive 2FA texts. They didn't, they decided to pander to the whims of liberal arts professors and other morons who want their emails printed out by a secretary and don't own a phone out of principle(tm) or because they think the university should pay it or whatever. Eventually, their attempt to pander to every whim lead to 2FA being cancelled altogether. Excellent.

    And this is what's wrong with the Western World. Pandering to the whims of idiots from fear of being called "intolerant" and "authoritarian" and not getting stuff done as a result.

  • NoLand (unregistered) in reply to kurkosdr

    "They raised the issue to whoever people are on top of those professors in that conference room, and those people in turn should have had the guts to say to those professors (...)"

    Where I live, the principal of a major university ranks in protocol same as the archbishop. Then, in order of protocol, follow the dean and the tenure professors. Now compare this to, "The Technology Council met in one of the administrative conference rooms (...)". This reads in context much like, "The ministers gathered in the broom closet of the local church to make the archbishop do whatever they wanted him to do." ;-)

  • Gerry (unregistered) in reply to PieterB

    Make that "most of the World", not Europe. Certainly free in New Zealand - but the caller/sender is charged. They will know that they are calling a cell phone, as all mobile numbers start with "02".

  • Anonymous (unregistered) in reply to kurkosdr

    You're a dumbass. It's not the cost, it's the contractual obligation. If they want me to have a phone they must provide it per some employment contract so that there is a clear legal agreement as to my rights and responsibilities. Salary is irrelevant.

    Also, if you think it's liberal arts professors who would be refusing to use 2FA on a smartphone you'd be dead wrong. IME most of them are relatively young and use iPhones. It's the older, science professors who haven't moved on. Are you perchance one of those assmad MGTOW folk? Rhetorical question, catch you on r/The_Donald, permavirgin.

  • Simon (unregistered) in reply to Gerry

    Yeah, the US is the only place I've ever heard of customers being charged to receive SMS or receive calls - with the exception of international roaming, where the customer pays the roaming charges for both inbound and outbound.

  • Zemm (nodebb) in reply to kurkosdr

    Sure, they pay me thousands of dollars every month and the cost of a phone is lower than my daily commute, but I will not let this come to pass. I won't use the phone I already have

    Having that stuff on your phone makes it and its plan (partly/mostly) tax deductible, so there are still financial advantages there.

    I used to have my mobile phone number in my email signature. The only time someone called me was when she found out I was away from the office because my wife had given birth and she wanted to congratulate me. I guess I'm lucky. My current job I was strongly urged to not add my number!

  • Merus (unregistered)

    As someone in an equivalent position to Derek (although thankfully with a much freer hand when it comes to purchasing), I have spent some time cultivating relationships. This is entirely because I cannot be responsible for the stupid-ass decisions the university might make but I have to deal with them, so if they do something particularly stupid, I know who to talk to in order to find out who's door I have to kick down.

    The fact I can probably get away with this is because in an institution like ours, competence counts for a lot.

  • doubting_poster (unregistered) in reply to PieterB

    That's not true, not even in the Netherlands specifically... When SMS first was a thing back in the 90's, both sender and receiver paid. The first WAP implementations had the same cost scheme, which made it ridiculously expensive. There wasn't much difference with current data plans - you pay for the bandwidth, up and down.

  • kurkosdr (nodebb) in reply to Anonymous

    "Are you perchance one of those assmad MGTOW folk? " No.

    "Rhetorical question, catch you on r/The_Donald, " No. (I am libertarian and not even a US citizen, but even if I was a US citizen I would vote for Gary Johnson)

    "permavirgin." Also no.

    So yeah, you got 3 out of 3 wrong.

    I just find it WTF that stuff won't get stuff done just because some professor wants his emails neatly printed out or because some liberal arts professor won't use cellphones (because "their radio waves are doing bad things to animals", on second thought your local breed of liberal arts/philoshopy/leftard professor may be OK with cellphones) and instead of telling those people to grow up, we have organizatons pander to every little whim of every little prick who has sensitivities(tm) and ideologies(tm) to make himself feel important and special. It's the same thing with ID photo. "look at me covering my face with a religion-related cloth, I am holier-than-thou". In most cases I don't mind (I don't care if some person wants to be holier-than-thou), but when their nonsense compromises my security because it results in a useless ID photo and creates a security hole, I do. That's why people should be told to grow up an put their sensitivities(tm) and ideologies(tm) aside when stuff needs to get done.

  • MoSlo (unregistered) in reply to kurkosdr

    Can't get no cheap Nokia phones. It’s a capital expense, see?

    Also, get yourself a cookie. It'll make you feel better.

  • kurkosdr (nodebb)

    "Can't get no cheap Nokia phones. It’s a capital expense, see?"

    So are the clothes and shoes you wear to work. I mean, you could go to the grocery store with your workout clothes and your trainer shoes so, if you only need those non-workout clothes to go to work they are a... capital expense!

    And before you ask "who has only workout clothes", I will reply "who doesn't have a cellphone capable or receiving texts today?"

    Stop whining and deal with the fact you may need to have a minimum of personal items (non-workout clothes and shoes and a cellphone) to go to work. And spend a minimum amount of money (if just for your commute and your lunch break)

    Of course, most people have a cellphone already, it's idiots with ideologies(tm) ("their radio waves do bad things to animals") and eccentrics who don't. The world has no obligation to bend over backward to their whims or approve a whole new capital expense for those few people. Just like they do not approve a new capital expense for non-workout clothes. Or work lunches. Or commute.

  • NoLand (unregistered) in reply to kurkosdr

    TWTF is still pushing for something without having a (roll-out) plan and without considering feasibility (technical, like shipping times for security tokens, as well as social factors, or even organizational ones, like agreeing on a protocol for those who aren't handling their stuff on their own and are relying on some kind of agency). This is the problem with "authoritarian" approaches. Then, of course, when the "great plan" doesn't stand the reality test, it's whims, quirks and morons (who didn't jump to the rescue — why should they? — and fill the gaps in the "great plan") …

  • kurkosdr (nodebb) in reply to NoLand

    I agree that the rollout was poorly executed, but the fact they went down the path of trying to pander to every eccentric wanting the 2FA code being sent the way he wants was a recipe for disaster. Aka, there was no way they could have executed this properly because they decided to go down the path of having a different 2FA delivery mechanism for every idiot, instead of deciding on two or three methods and telling everyone to pick one or lose access to their account, period. If you don't have email you check yourself (instead of having it printed it out), you should own a cellphone.

  • Medievalist (unregistered) in reply to kurkosdr

    If you want high quality employees, you treat them with respect.

    But if you want to run the Company Store model, and whine like a little baby about the decline of western culture because workers don't lick their masters' boots the way you want them to, the high quality workers will go elsewhere, and you can cry bitter tears in your squalid Company Town about how Americans are all weak and girlish.

    Me, I'll laugh all the way to the bank. I don't own a cell phone, and I don't need to own one; my skills and integrity guarantee me 100% employment without licking any master's boots.

  • Daniel Meyer (unregistered)

    I hope your bank still has the funds. The more factors, the more difficult it is to have them. Shouldn't write them down, that's leaving the key under the mat. Shouldn't leave them on your PC, that's the first place they will look. The more a resource is shared the less security it has. The more security it has the more vulnerable you are to administrators. Administrators by their nature are the worst possible choice for managing security (cough Snowden cough). The more difficult the process, the more likely people will simplify it. If you can check your security files you will find redundancy. People aren't all that creative. Screening simple factors puts further limits on the universe available, redundancy is the same. Think of it as the twit factor. Once the twit leaves the door unlocked all your effort was in vain. Once the twit is locked out they will leave the door unlocked.

  • Dean Colpitts (unregistered) in reply to ApoY2k

    You guys obviously don't deal with Bell Canada... My wife's iPhone is a prime example. She is on a grandfathered plan that has zero text messages, and is relatively lowly priced. If I add text messaging to her account, we lose the grandfathered price and her monthly plan goes up by at least $35...

  • NoLand (unregistered) in reply to kurkosdr

    I think you have to consider what it's all about: Universities are in their substance complex communication processes (the houses and tenures are just built around that) and they have evolved a rich tradition over centuries (actually, since the 1200s). They have, in fact, invented multiple factor security in communication processes, like in peer processes, collegiate decisions, etc. Now, the job of the technical staff is really all about facilitating the needs of these processes, not in dictating them. If you can't show up with a scheme that's viable for this special purpose, you haven't a scheme at all. There is no point in demanding those, who should be served, to bow and to fill the gaps at their own expenses. (And, by the way, I guess there isn't much gained, with two factors by passwords and TANs for sensible processes already in place, by adding a rather insecure third factor by text messages, which are easy to intercept and to manipulate for any third party. — And, if you're using the same smart device for all of this, it's yet a single factor all along: If own your phone, I own your credentials. — In the light of the cultural background of a university this may be regarded just as another folly that might be overcome next year. It really depends on the mindset.)

  • NoLand (unregistered) in reply to kurkosdr

    To add an example: Let's say, one of the guest docents is Henry Kissinger. He's famous, he's an elderly statesman, his lecture is a viable asset to the university, which the university is proudly advertising, he's 92 years old — and, thence, he probably doesn't use a cell phone (not to mention a smart device of your preferred make). — Are you going to make H.K. to buy and use a mobile phone? Probably not. If you had your will and it were mandatory, would he consider this worthwhile to continue his lecture? Probably not. Would the university be interested in having him around? You may bet on this.

  • Scarlet_Manuka (nodebb) in reply to kurkosdr

    they decided to pander to the whims of liberal arts professors and other morons who want their emails printed out by a secretary and don't own a phone out of principle(tm) or because they think the university should pay it or whatever.

    And who's going to train them to use these phones? My mother and my mother-in-law both recently upgraded from feature phones to smart phones. I gave them both a run down on how to do basic tasks (lock and unlock the phone, add contacts, make and receive calls, send and receive text messages), and they both needed a followup session because they couldn't remember parts of it. And these are people who are already used to phones, just not to Android phones. We've seen here before that there's a certain type of university professor who won't listen to instructions because they know they must be smarter than you; I shudder to think how that would play out.

    I will reply "who doesn't have a cellphone capable or receiving texts today?"

    Quite a few of my older relatives, who simply don't need one. (Personally, I only got one because it was necessary for work, though it's proved useful since.) Also, my youngest daughter, but we keep telling her she'll have to wait until she graduates primary school, just like her older sibs had to :)

    the cost of a phone is lower than my daily commute

    My daily commute is about $8. And no, free phones on a contract don't count unless you add in the cost of the contract. Here, at least, there aren't many cheap options, even if you almost never use the phone - if you want the potential to make or receive calls, you have to pay for network access. This has actually improved a lot in recent years; the two biggest operators still won't let you get away with anything under $30 for six months, but smaller ones will do $10 for a year now.

    Still, I'd hate to be on the support call when they run out of credit and can't get their 2FA texts any more.

  • gnasher729 (unregistered) in reply to Daniel Meyer

    What is stupid is to make it mandatory to sign up for two-factor authentication when the person in question cannot handle it. The obvious order would be: Ask user for phone number. Given the phone number, send a code to the phone. Let the user enter the code from their phone. Thus having demonstrated that two-factor authentication works for them, it can be turned on. Before that it should not be turned on.

    How you handle people not signed up to it is a policy that can be changed at any time.

  • Duke of New York (unregistered)

    I can't believe the nerve of this so-called IT admin when there are so many bad dudes trying to get into the network. Terrible!

  • DWalker07 (unregistered)

    I am a computer programmer, and I choose not to have a cell phone. I have 5 computers, but no cell phone. I don't want one. And I'm not "old".

  • Crunger (nodebb) in reply to kurkosdr

    [quote=kurdosr]

    I agree that the rollout was poorly executed, but the fact they went down the path of trying to pander to every eccentric wanting the 2FA code being sent the way he wants was a recipe for disaster [/quote]

    The only eccentrics who caused 2FA to fail were the non-planners, who thought they could wave a wand and the desired change would magically happen.

    People are responsible for their own commute and clothing (in most jurisdictions), but if I had to keep piling on new monthly expenses every time top management fubars a plan, I could not afford to work. Nobody could.

Leave a comment on “The Second Factor”

Log In or post as a guest

Replying to comment #:

« Return to Article