Password Leaks

[MymsMan]

I filed my tax return a couple of days ago and on the log in page there was an option to be remembered for 7 days, I have not tested if it meant I would not need to get more sms codes or not need to enter my number and password again. I certainly did not need to enter anything again when changing pages, that only happens if you dawdle about without entering anything for too long and then it makes you log in again, the only time I had to log in again was to confirm it was me after submitting my return at the end of the process.

The HMRC 7 day sign in works for me,
I think 2FA is good for banking sites but is overkill for sites like this with no private information stored

Where HMRC does annoy me is when they send me an email saying I need to logon to read an important message.
Go through hassle of 2FA to read that my next tax statement will be available in the next 4 days

So now I have to set up a reminder to login again next week to read the statement.
Why not wait until the document is actually ready before sending out the notification? Ahead of time it just wastes my time and creates extra work (including submitting negative feedback -which is of course ignored)!

 

[Black Hole]

2FA should be reserved for situations where harm may be done if the activity is fraudulent – such as changing the password, changing the contact email, or spending money. However, codes sent to a registered mobile are themselves a risk, particularly if you have your phone set to display incoming messages on the lock screen. I have my phone set not to display them until it is unlocked.

 

[Owen Smith]

I have my phone set not to display them until it is unlocked.

As do I. But my parents won't let me set theirs like that, they say it's far to inconvenient for texts from friends.

What is annoying on iOS is there is nothing on the lock screen to say you have messages, so you have to unlock it only to find there aren't any and lock it again. Sigh.

 

[trog]

The HMRC 7 day sign in works for me,
I think 2FA is good for banking sites but is overkill for sites like this with no private information stored

Where HMRC does annoy me is when they send me an email saying I need to logon to read an important message.
Go through hassle of 2FA to read that my next tax statement will be available in the next 4 days

So now I have to set up a reminder to login again next week to read the statement.
Why not wait until the document is actually ready before sending out the notification? Ahead of time it just wastes my time and creates extra work (including submitting negative feedback -which is of course ignored)!

I never get that as I always insist that any correspondence from them is done by mail and just get a reminder letter once a year.

 

[Black Hole]

What is annoying on iOS is there is nothing on the lock screen to say you have messages, so you have to unlock it only to find there aren't any and lock it again. Sigh.

Not so with Android.

my parents won't let me set theirs like that, they say it's far to inconvenient for texts from friends.

Then you need to explain in very clear terms what might happen if their phone gets snatched.

 

[Owen Smith]

Then you need to explain in very clear terms what might happen if their phone gets snatched.

They think it won't happen to them. Dad's phone doesn't even auto lock being a dumb GSM phone, and he won't let me turn auto lock on.

 

[Black Hole]

Several times I've been out and about and found phones left on a park bench or on top of a wall or whatever.

 

[EEPhil]

Several times I've been out and about and found phones left on a park bench or on top of a wall or whatever.

Although I carry my phone when I'm out, I only use it when really necessary. I keep hold of it when unlocked, and lock it before I return it to my inside jacket pocket. (Can be difficult in the summer!) Failing that it locks when the display times out or it detects someone running away with it. NFC always off except when in certain supermarkets and about to pay.

 

[Luke]

What is annoying on iOS is there is nothing on the lock screen to say you have messages, so you have to unlock it only to find there aren't any and lock it again. Sigh.

That's strange.
On mine it's Settings > Notifications > Messages to control whether or not a notification of the message appears at all, and Settings > Notifications > Show Previews for whether any of those notifications are also accompanied by the message's text body on the lock screen (and other places).

 

[Black Hole]

Although I carry my phone when I'm out, I only use it when really necessary. I keep hold of it when unlocked, and lock it before I return it to my inside jacket pocket. (Can be difficult in the summer!) Failing that it locks when the display times out or it detects someone running away with it. NFC always off except when in certain supermarkets and about to pay.

Sure, but when somebody sends you a one-time 2FA code, does it appear in a message preview on your lock screen???

 

[EEPhil]

Sure, but when somebody sends you a one-time 2FA code, does it appear in a message preview on your lock screen???

Good question! I usually have the phone unlocked on a table at home when expecting a 2FA. Don't remember having it locked and getting one. If I remember I'll have a look next time.

 

[Black Hole]

Challenge-response systems are a better idea (eg the little card reader for card PINs on on-line banking). You coud even consider it 3FA. There's an app for that, but not many web sites etc support it yet.