I fucking hate website security measures

submitted by IMissPorn from (self.technology)

Do you know how many times I've had an account stolen? Zero times.

But I have on multiple occasions been randomly locked out of accounts, sometimes irrecoverably, despite knowing my username and password. It's always "we don't recognize you", "suspicious activity" or some shit. A username and password and an optional recovery email is all the security any website needs.

If you're a bank, okay maybe you can justify being extra careful. At least I know I can walk into my back to sort it out in person if need be. But for anything less sensitive than that it's retarded. As a user, losing access to my account due to haywire security systems is a much bigger threat than account theft and it needs to stop.

all 5 comments
sorted by:
top
newinsightfulfun

[–]Myocarditis-Man 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (1 child)

Like so many things on the Internet today, it is probably about funneling more of your data to Facebook and Google than building a better product or running a better service.

https://www.theverge.com/2023/3/11/23635518/cerebral-patient-data-meta-tiktok-google-pixel

[–]IMissPorn[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Yeah. Some big site (I think it was Facebook) got caught asking for phone numbers "only for security purposes", and then using it for other things. Maybe they've stopped, they did catch a lot of flack for it, but I see no reason to trust them or any site asking for that information.

[–]cant_even 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I absolutely refuse to deal with any business requiring 'smartphone'-based "2FA", including my 'smartphone' carrier, who can't even be bothered to provide a cellphone signal to my house.

Good luck using your US 'smartphone' on an overseas network to get a "2FA text".

Also, more than 75% of the 'texts' I do get are blatant phishing attacks depicting:

  1. "suspicious activity" for some business I don't patronize
  2. 'Your [account I don't have] is locked! Click this link NOW!!'
  3. "We need your login to release your package!!"

[–]ID10T 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

Haha as a developer you are so wrong. You know why you've have zero accounts stolen? Because of security measures like two factor authentication.

If an account can't be recovered with a recovery email or phone number then that's an issue with that specific site, but is that really common for you? You get locked out of accounts often?

[–]IMissPorn[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Depends on what you consider often I guess. But it's way more than zero times. If they balanced the security level properly they should happen about equally often. Maybe other people have accounts stolen more often, I donno. How about they add a checkbox for "I'm an ID10T who can't use a strong unique password, please lock me out at the drop of a hat"? That way users could customize the threat model for their own needs.