• atzanteol@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    58
    ·
    17 days ago

    That’s great when my bank only uses sms for mfa though.

    Seriously, bank and credit card companies need to get with the program more than me and my friends.

    • Captain Aggravated@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      10
      ·
      17 days ago

      Steam. The store front I get my video games from. Has 2-factor authentication with a short time rotating code. To secure my Steam account.

      My bank uses SMS and “security questions” aka personal trivia questions.

        • Draconic NEO@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          16 days ago

          Or literally anyone who knows you. It’s based on the idea that strangers are the ones who will try to screw you over but everyone knows that it’s people who you know that end up screwing you over in most cases. So security questions are basically useless in all those cases.

        • toynbee@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          16 days ago

          While I agree with you, some people answer these questions with deliberately incorrect answers. If my closest friend tried to compromise my bank account with my security questions, he’d get them all wrong (and even he doesn’t know my wrong answers).

          Still a bad design, though.

    • Chais@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      9
      ·
      17 days ago

      Right? Had a bank account once, where the login password could only have up to 8 characters. And only digits.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      17 days ago

      That’s a huge part of why I use my brokerage, Fidelity, as my main bank, they support Symantec VIP TOTP. I prefer my regular TOTP solution, but this us miles ahead of literally every other bank I’ve used.

    • Eezyville@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      17 days ago

      The only bank that allowed me to use totp was a credit union. You’d think the rich ass banks could afford to hire a developer to set up good MFA.

      • randomperson@lemmy.today
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        6
        ·
        18 days ago

        This is incorrect. Telegram is not end to end encrypted by default. But it is encrypted to and from their servers.

          • Opisek@lemmy.world
            link
            fedilink
            English
            arrow-up
            10
            arrow-down
            2
            ·
            17 days ago

            Except Telegram doesn’t use TLS :) They use MTProto.

            This is not me endorsing Telegram. I’m just pointing out your mistake. Telegram has other issues but it definitely does have transport encryption.

            • Justin@lemmy.jlh.name
              link
              fedilink
              English
              arrow-up
              8
              ·
              edit-2
              17 days ago

              The above commenter said that their end-to-end MTProto protocol is not enabled by default.

              Defaulting to just using transport encryption like TLS on a messaging app isn’t sufficient in 2024.

              • Opisek@lemmy.world
                link
                fedilink
                English
                arrow-up
                5
                ·
                17 days ago

                MTProto is not end-to-end. MTProto is their obfuscated client-server transport encryption.

                What the commenter above is referring to is Telegram defaulting to saving your messages on the server in plaintext. You can use a “secret chat” which enables end-to-end encryption, but that is separate from MTProto.

                Your sentiment is correct though. Messages should not be visible in plaintext to the server.

        • vrighter@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          1
          ·
          17 days ago

          yeah, that means not encrypted. When speaking to a web server, you are one end, and the server is the other. Tls ensures that there isn’t a man-in-the-middle.

          In case of telegram, you are one end another user is the other end. Telegram themselves are, by design, a man-in-the-middle in this case. I’m not concerned about a different middleman intercepting communications between me and telegram. I’m concerned about any middleman (which includes telegram themselves) intercepting communications between me and my friend.

          So no, telegram chats are not encrypted by default. Telegram can read them.

        • TedZanzibar@feddit.uk
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          3
          ·
          17 days ago

          Thank you! It winds me up so much when people parrot that claim.

          Telegram is encrypted in transit and encrypted at rest on their servers. At no point is any data stored or transmitted without encryption. Whether you believe their claims of never giving out encryption keys is another matter.

          My view is that if the feds wanted my chat logs that badly they wouldn’t go after Telegram, they’d go after me and my device directly, and at that point all bets are off.

    • Zachariah@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      18 days ago

      There are many where the server owners can see the messages, just not anyone else between the sender and receiver.

      Threema and Signal are good options that don’t do this.

        • Zachariah@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          17 days ago

          Signal being an American company is also problematic.

          These two are the best balance of security/convenience, however.

              • breadcat@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                4
                ·
                17 days ago

                if a messenger is truly 0 trust end to end encryption, it doesn’t matter who owns the servers or the legal protections of data because they won’t have any data anyway. that’s why signal is so good, when they get subpoenaed the only information that they actually have is the last connection and message sent unix times or something. still secure regardless of being in the US and being run on centralized Amazon, google, and cloudflare servers.

                • Zachariah@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  17 days ago

                  Then the jurisdiction of software development matters. Don’t want a back door being forced into an update by the FBI.

  • imblue@feddit.org
    link
    fedilink
    English
    arrow-up
    2
    ·
    17 days ago

    Why not Matrix ? Its E2E nit just TLS and also it prevents vendor lock in. This way chosing a providor is really about trust and not also about having to chose the same thing what your friends use

  • ✧✨🌿Allo🌿✨✧@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    16 days ago

    silly question maybe but after researching China a bit for a few days, I’m genuinely curious: I like supporting the LGBTQ cause, which I could see making me want to avoid Trump probing, but from what I researched, China gov is not against LGBTQ. So is there any specific reason I should fear China looking at my stuff?
    Is it basically if I have account info in messages they would hack my accounts?