1. Forum
  2. Usenet
  3. COMP.MOBILE.ANDROID

  • We wiill send you a code

    From micky@21:1/5 to All on Mon Jun 9 11:18:12 2025
    I'm seeing more and more webpages that, after entering my userid, want
    to send me a code to log in to the page. For a computer user, this is
    just silly, when he could have stored his password so that it pops right
    up, without going to read a text or email. And using one's password
    always has been the second option

    So I'm thinking this change must have come about because of smart
    phones, right?? And that implies it's harder to save password in smart
    phones than in computers. Is that so, and why? And why have they not
    fixed it?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From AJL@21:1/5 to micky on Mon Jun 9 16:56:42 2025
    On 6/9/25 8:18 AM, micky wrote:
    I'm seeing more and more webpages that, after entering my userid, want
    to send me a code to log in to the page. For a computer user, this is
    just silly, when he could have stored his password so that it pops right
    up, without going to read a text or email. And using one's password
    always has been the second option

    My sites give me an option of remembering the device so I only have to do it
    once on the first use. But if you're using someone else's device you won't
    want to do it for security reasons.

    So I'm thinking this change must have come about because of smart
    phones, right?? And that implies it's harder to save password in smart
    phones than in computers. Is that so, and why? And why have they not
    fixed it?

    For non-sensitive sites I let Google remember and insert my passwords.
    Easy-peasy. And if you're a Google paranoid there are several other
    password managers available...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Carlos E.R.@21:1/5 to micky on Mon Jun 9 21:12:00 2025
    On 2025-06-09 17:18, micky wrote:
    I'm seeing more and more webpages that, after entering my userid, want
    to send me a code to log in to the page. For a computer user, this is
    just silly, when he could have stored his password so that it pops right
    up, without going to read a text or email. And using one's password
    always has been the second option

    This is a fashion of 2FA, if i understand your description.


    --
    Cheers, Carlos.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From micky@21:1/5 to [email protected] on Wed Jun 11 07:03:21 2025
    In comp.mobile.android, on Mon, 9 Jun 2025 21:12:00 +0200, "Carlos E.R." <[email protected]d> wrote:

    On 2025-06-09 17:18, micky wrote:
    I'm seeing more and more webpages that, after entering my userid, want
    to send me a code to log in to the page. For a computer user, this is
    just silly, when he could have stored his password so that it pops right
    up, without going to read a text or email. And using one's password
    always has been the second option

    This is a fashion of 2FA, if i understand your description.

    But why would the person whose account it actually is want to use 2FA,
    when he can just click and his saved password will fill the password
    field, rather than have them either send a text or email, have to go the
    text or email, copy, go back to the webpage, and paste it. He's knows
    it's his account, or if he's logging into someone else's account then he doens't care that it's not his. If they let someone just use a password
    and he knows the password, why would he not just use the password? It's
    so much simpler and quicker.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From AJL@21:1/5 to micky on Wed Jun 11 16:03:30 2025
    On 6/11/25 4:03 AM, micky wrote:
    In comp.mobile.android, on Mon, 9 Jun 2025 21:12:00 +0200, "Carlos E.R." ><[email protected]d> wrote:

    On 2025-06-09 17:18, micky wrote:
    I'm seeing more and more webpages that, after entering my userid, want
    to send me a code to log in to the page. For a computer user, this is
    just silly, when he could have stored his password so that it pops right >>> up, without going to read a text or email. And using one's password
    always has been the second option

    This is a fashion of 2FA, if i understand your description.


    But why would the person whose account it actually is want to use 2FA,

    So a PERP knowing your password can't use HIS device to log into YOUR
    account.

    when he can just click and his saved password will fill the password

    That's the reason for 2FA: More security for YOUR accounts. A password
    manager provides convenience and some security with better made up
    passwords but if your password is ripped off at the website, a fancy long
    password won't help much...

    field, rather than have them either send a text or email, have to go the
    text or email, copy, go back to the webpage, and paste it.

    MY accounts only require using 2FA one time per account per device. Once an
    account certifies that the device is mine (and not some perp trying to get
    in using his device), from that point on no more 2FA is required on THAT
    ONE device.

    It then depends on the site if a password is still required when using a 2FA
    certified device. For me some sites (like Amazon) no longer even require
    using a password and others (like banks) still do. But no more 2FA.

    There may be some high security sites that REQUIRE using 2FA every time but
    I've never seen one. However some sites allow you to set using 2FA every
    time if you want the extra security.

    He's knows
    it's his account, or if he's logging into someone else's account then he >doens't care that it's not his. If they let someone just use a password
    and he knows the password, why would he not just use the password? It's
    so much simpler and quicker.

    So if you're having to use 2FA more than ONCE per account per device, you're
    likely doing something wrong, but don't complain, 2FA is a good thing...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Arno Welzel@21:1/5 to All on Fri Jun 13 09:39:33 2025
    micky, 2025-06-11 13:03:

    In comp.mobile.android, on Mon, 9 Jun 2025 21:12:00 +0200, "Carlos E.R." <[email protected]d> wrote:

    On 2025-06-09 17:18, micky wrote:
    I'm seeing more and more webpages that, after entering my userid, want
    to send me a code to log in to the page. For a computer user, this is
    just silly, when he could have stored his password so that it pops right >>> up, without going to read a text or email. And using one's password
    always has been the second option

    This is a fashion of 2FA, if i understand your description.

    But why would the person whose account it actually is want to use 2FA,
    when he can just click and his saved password will fill the password
    field, rather than have them either send a text or email, have to go the
    [...]

    To make sure, that the account is protected even if someone has stolen
    the password. That's the idea of 2FA.

    --
    Arno Welzel
    https://arnowelzel.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Arno Welzel@21:1/5 to All on Fri Jun 13 09:38:36 2025
    micky, 2025-06-09 17:18:

    I'm seeing more and more webpages that, after entering my userid, want
    to send me a code to log in to the page. For a computer user, this is
    just silly, when he could have stored his password so that it pops right
    up, without going to read a text or email. And using one's password
    always has been the second option

    This is called "second factor" and became quite common, since passwords
    are usually not very secure in the way how many people use them. As long
    as you did not switch to Passkey or add a second factor like TOTP, many websites now use "has access to the given e-mail account" as a
    substitute for this - even though this might be compromised as well.

    So I'm thinking this change must have come about because of smart
    phones, right?? And that implies it's harder to save password in smart
    phones than in computers. Is that so, and why? And why have they not
    fixed it?

    No, it is just because insecure online services exist, where user
    account information including passwords or weak password hashes based on
    MD5 etc. get stolen. Also using password managers is not that common as
    it should be.

    --
    Arno Welzel
    https://arnowelzel.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From micky@21:1/5 to [email protected] on Tue Jul 1 08:15:22 2025
    In comp.mobile.android, on Fri, 13 Jun 2025 09:39:33 +0200, Arno Welzel <[email protected]> wrote:

    micky, 2025-06-11 13:03:

    In comp.mobile.android, on Mon, 9 Jun 2025 21:12:00 +0200, "Carlos E.R."
    <[email protected]d> wrote:

    On 2025-06-09 17:18, micky wrote:
    I'm seeing more and more webpages that, after entering my userid, want >>>> to send me a code to log in to the page. For a computer user, this is >>>> just silly, when he could have stored his password so that it pops right >>>> up, without going to read a text or email. And using one's password
    always has been the second option

    This is a fashion of 2FA, if i understand your description.

    But why would the person whose account it actually is want to use 2FA,
    when he can just click and his saved password will fill the password
    field, rather than have them either send a text or email, have to go the >[...]

    To make sure, that the account is protected even if someone has stolen
    the password. That's the idea of 2FA.

    It took me 17 days and more than one read but I get it now. Thank you
    both.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)