this post was submitted on 03 Jan 2024
826 points (94.0% liked)

Hope this isn't a repeated submission. Funny how they're trying to deflect blame after they tried to change the EULA post breach.

[–] [email protected] 35 points 11 months ago (1 children)

What should it do? It should ask you to confirm the login with a configured 2FA

[–] capital 22 points 11 months ago (3 children)

Yeah they offered that. I don’t think anyone with it turned on was compromised.

[–] rainerloeten 22 points 11 months ago* (last edited 11 months ago) (2 children)

This shouldn't be "offered" IMHO, this should be mandatory. Yes, people are very ignorant about cyber security (I've studied in this field, trust me, I know). But the answer isn't to put the responsibility on the user! It is to design products and services which are secure by design.

If someone is actually able to crack accounts via brute-forcing common passwords, you did not design a secure service/product.

[Edit: spelling]

[–] [email protected] 28 points 11 months ago (3 children)

I've noticed that many users in this thread are just angry that the average person doesn't take cybersecurity seriously. Blaming the user for using a weak password. I really don't understand how out of touch these Lemmy users are. The average person is not thinking of cybersecurity. They just want to be able to log into their account and want a password to remember. Most people out there are not techies, don't really use a computer outside of office work, and even more people only use a smartphone. It's on the company to protect user data because the company knows its value and will suffer from a breach.

[–] [email protected] 2 points 11 months ago (1 children)

You're right, most people either don't care, or don't even know enough to care in the first place.

And that's a huge problem. Yes, companies have some responsibility here, but ultimately it's the user who decides to use the service, and how to use it.

[–] TheActualDevil 4 points 11 months ago (1 children)

don’t even know enough to care in the first place.

but ultimately it’s the user who decides to use the service, and how to use it.

So you admit they don't have access to the knowledge needed to make better choices for their digital security. Then immediately blame them. I think you're biased from the point of view of one that is already more informed on this sort of thing. If they don't know they need to know more, how can they be expected to do any research? There's only so much time in a day so you can't expect people to learn "enough" about literally everything.

[–] [email protected] 3 points 11 months ago

I don't intend to blame them, I'm just making an observation.

The fact that they don't know is a problem in itself too, and spreading awareness about cybersecurity and teaching general tech literacy and common sense is not done as much as it should be.

It's exactly like you say. They don't know, and how would they? No one is ever giving them the information they need.

[–] rainerloeten 1 points 11 months ago (1 children)

That's exactly right. I was about to say how people usually don't even "not take it seriously" but rather don't even think or know about it. But you already said that yourself haha :D

[–] CoggyMcFee 3 points 11 months ago* (last edited 11 months ago) (1 children)

Or, worse, they don’t even understand it. I definitely have people in my life who know about the idea of cybersecurity and are terrified of getting hacked, but constantly do things the wrong way or worry about the wrong things. Because it’s just too confusing for them, and it’s always changing.

[–] rainerloeten 1 points 11 months ago* (last edited 11 months ago)

Just use a VPN bro and you're fine /s

[–] capital -1 points 11 months ago* (last edited 11 months ago) (1 children)

Fuck mandatory 2FA. Most sites just throw SMS on there and leave it at that. I’m so tired of putting yet more of my information into services that don’t require it to utilize the service.

If TOTP was more prevalent (getting there) I might agree but then we’d be talking about how the typical user doesn’t know how to set that up.

[–] sudneo 2 points 11 months ago (1 children)

Companies pay for SMS, TOTP is free for them (just a computation...). It is utterly dumb to implement the same logic with a paid service rather than TOTP (or security keys, at this point). So yeah, I agree with the idea, but I think nowadays most 2fa is TOTPs (sadly, some require their shitty apps to do just that - Blizzard once was one of them, maybe still is).

[–] capital 1 points 11 months ago

It’s a thinly veiled method to gather more info from users when SMS is the only option.

[–] [email protected] 3 points 11 months ago

2FA should be forced, it's not a hard thing to do.

[–] postmateDumbass 1 points 11 months ago

Too bad biometric data couldn't be used....