Goodby Fax machine

I have a vague memory of someone (Tim Hunkin maybe?) sending rudimentary faxes to a mate by converting their lathes into fax machines. I have never used a fax machine, but should the need arise, my lathe awaits.

... and my bank has just started to go through 2-step verification every time a person logs on to online banking. But they won't send the code to an email address any more - either text or voice-phone.

Email can be read by people other than your intended recipient - potentially anyone in the World with a computer and an internet connection - so sending personal data via email is not secure. Some text messaging, e.g. Apple iMessage, is encrypted, which might be why some are insisting on texting  

FAX was relatively secure because you would have to tap an individual copper phone line to intercept the contents. Not sure if this applies to a FAX sent by a computer over the internet though? - probably not.

Two factor authentication is done to prevent your account from being hacked and your money and life savings from being stolen; so not a bad thing really !

You can't use email for two factor authentication because of point one: email is not secure. Some text transports and voice via phone is more secure

Edited By John Doe 2 on 03/11/2022 15:48:48

I'd say text, email, and voice have different security problems rather one being better than the others! The main problem with email for Two Factor Authentication is it's not immediate. Too many people check their email once a day or less which is too slow for an authentication check intended to speed valid transactions through the system.

Text and voice are considerably faster and the second channel doesn't have to have strong security. It's enough that the bank has another method of contacting the customer that's personally linked to him. It assumes a criminal might have access to your card, but is unlikely, we hope, to have your phone and it's password as well.

My son's bank is a notch stronger than mine. He's texted and asked to reply with a unique number provided by a token device that he also has to carry. The unique number changes every 5 minutes or so. To break this, at least in theory, the criminal needs my son's account details, his mobile phone, and the token generator.

Dave

OK, I have an email in front of me. Why don't you tell me what it says. While you're at it you can tell me what my banking log-on password is (2FA).

Edited By Peter Greene 🇨🇦 on 03/11/2022 17:30:23

... but, if they're sitting (as they would be) at their computer, trying to log on to online banking and the bank wants to do a 2FA, they'd certainly have pretty much instant access to an email that they are aware has been sent. It's not a "check once a day" case, it's check on demand (in my case all emails come direct to my machine - I don't have to go looking for them).

With only a landline, doing the second factor by phone is actually more problematic since it could be answered by someone else on another extension. And if that someone else has cognitive problems, you've probably missed the auth-no and have to start again (if the bank lets you).

Perhaps better for the blind/visually-impaired. Worse for the hearing impaired.

Frankly, I'd like to see the bank quantify the email vs phone security risks rather just parading out the "email is insecure" knee-jerking.

Edited By Peter Greene 🇨🇦 on 03/11/2022 17:54:21