Thread: Two factor authentication - have you? Passwords

Originally Posted by p38arover

^^ One never stops learning.

Or in this case, two.

Originally Posted by V8Ian

Or in this case, two.

Are you inferring that you were aware of the existence of "Matlow"?

Originally Posted by NavyDiver

I tried using a photo on my phones FACE ID bio metrics- You may need to cut my face or thumb off

Interesting security risk is that the phone back up includes that data of course!

MY GOV. MY GOV ID and Two factor authentication applications I have on my phone have a device specific tag/certificate meaning duplication to a new device does take a lot more than a mirror duplication happily

I can remotely wipe my phone- Call me Mr Paranoid

I think too much responsibility is placed on customers, as there is a scam going around where crims hijack an email and change the bank account number but not the name, and the bank will process payments even though the two don't match! Also I watched a doco about scams in the UK and quite a lot seems to be done with inside help from bank employees, shop employees and postal workers.

Had an interesting discussion with a data security expert for the Qld govt while camping on Saturday.
He said the main problem with the Optus hack was not what ID it required, but the fact the verification details were retained rather than being deleted.
He said retaining details meant Optus had a duty of care to keep them safe. He also said the Optus breach was not that difficult, but wouldn't say how it was done.
He also said he tells Qld govt bodies to delete the verification details, and ask for them again if it is necessary to reverify.
So the result is stringent verification plus deleted details.
Apparently one problem is federal terrorism legislation passed in 2017 forces telcos to retain identification details for up to 2 years after an account ends, which can mean up to 6 years.
So Optus, and probably all telcos, are storing that information to comply with federal laws and so become attractive targets for hackers. So maybe Optus is being unfairly blamed for trying to comply with federal laws.
Sounds like the laws need to be changed to cut the retention times and increase deletion.

On 26/9 Optus emailed me saying that my name address, DOB and home address were hacked and in bold " No ID document numbers or details have been affected" Last night I get a text saying "Cyberattack update: Confirming only the licence number on your Driver Licence was exposed, not the card number.. Your State or Teritory government willprovide advice on any action that you may need to take via their website" I wonder which is correct. I have entered a chat with Optus but don't anticipate any answer. This is really ****ty. At the time I wondered if they actually knew or may have lied . So I am in limbo. Regards PhilipA

I'm a grain grower who sells grain to grain buyers. Quite some years ago most grain buyers agreed to centralise their grower details with a 3rd party business although my prime buyer maintains their own details. That 3rd party this year upgraded their online system then requested growers by email to log onto their new system with their existing logon to check their details. However they set the new system to require additional indentification proof such as a driver's licence, Medicare or passport number at the initial logon. Well before the Optus incident I declined to hand over any such indentification on the basis that they have no right to require such information from me and my providing such information increases the risk of identify theft. I don't know how this will progress especially in light of the Optus incident but I don't need to update any personal information at this time, indeed I've not needed to update my details since the 3rd party arrangement commenced. Grain buyers pay direct to the grower, not to the 3rd party.

If I was you I would change my licence number, just to be sure.

Originally Posted by PhilipA

On 26/9 Optus emailed me saying that my name address, DOB and home address were hacked and in bold " No ID document numbers or details have been affected" Last night I get a text saying "Cyberattack update: Confirming only the licence number on your Driver Licence was exposed, not the card number.. Your State or Teritory government willprovide advice on any action that you may need to take via their website" I wonder which is correct. I have entered a chat with Optus but don't anticipate any answer. This is really ****ty. At the time I wondered if they actually knew or may have lied . So I am in limbo. Regards PhilipA

In NSW they will change your card number only and it costs $29 to be refunded by Optus , maybe one day in the far far future. STOP PRESS . I apparently am being given an Equifax account for one year to check whether anyone tries to steal my identity. Of course I went through the motions and applied only for the Optus special number not to work, so more time on the phone tomorrow. Regards PhilipA