Results 21 to 26 of 26
24-07-2014, 10:39 AM #21
- Join Date
- Dec 2011
Especially if you're a sane human and are using two-factor authentication for your email (if it's webmail), then it's much less likely that an attacker will have access to the email account *and* your Steam account, so the additional check does reduce the possibility that the login is fraudulent.
(I'd prefer them to just do straight two-factor with tokens or SMS, but "this computer is untrusted" queries are cheaper to implement I suspect (and push the need for actual security onto the email provider, which may be more important to Valve) ).
24-07-2014, 12:53 PM #22
24-07-2014, 01:30 PM #23
- Join Date
- Jun 2011
Unlike what 99.9999999 % of people think. Theres a right level of security for everything, and almost never is 100%. Arguably, you sometimes want it to be less than 100% to be more safe.
Sometimes you want the police, or firemen, to break a door. Or people trapped inside a car want to break the glass. Or you want some password to be simple and easy to remember...
I specially hate the idea that you need a login for everything, and a username for everything. More sistes should give you the option to be anonymous.
Last edited by Tei; 24-07-2014 at 06:14 PM.Ursula Le Guin - The Ones Who Walk Away From Omelas
24-07-2014, 02:42 PM #24
Most content on the web if it is translated from some kind of CMS will have lots of information like preferred language from the browser, from user input, from geolocated IP (which is hilariously inaccurate at times, to whomever said it IPs are really terrible ways to identify anyone) and that gets mixed with whatever the CMS actually has. It's not unusual for the content providers to provide translations for parts of things which forces the server to drop back to a default in places, or default everywhere (normally English oddly enough).
But yeah it is a big mess with most companies.
I think a lot of the newer implementations are to avoid exploits as well as hacking. Hmmm this person normally logs in to NetFlix from the UK but is suddenly logging in in the US suddenly... Steam have had similar problems of people trying to cherry pick store fronts etc.
24-07-2014, 03:54 PM #25
I can see how there are technical problems and other shenanigans when serving web pages, but still, why use a translation as default at all in regions where everyone understands English anyway? And if I already have an account where I've manually set the language to English at some point would it really be that hard to simply set a flag somewhere that this account should get content served in English?
24-07-2014, 08:44 PM #26
- Join Date
- Jun 2011
There's something INCREDIBLY important about business which we can see working here in isolation...
In commercial terms, it's never about doing something well - it's never about being the best - it's always about ensuring you pass the blame to others if/when it goes wrong. It's "musical chair risk' and it's what 99% of managers spend 99% of their time doing.
Millions of manhours each day are spent simply moving risk and shifting blame - I have a relative who's a healthcare manager and her ENTIRE job is attending meetings to ensure that documents are created to ensure that whatever happens, no-one can be blamed if something goes awry. None of what she does has 1 iota of benefit to any patient - it's all about keeping her employer 'clear of risk' - and she's one of dozens of people who do that for just 1 hospital trust.
Internet Security is almost a perfect example of this tho - you have to be seen to do 'enough' - to have just enough "stuff" to pass the blame along to the customer rather than accepting that it was, in fact, your staff's incompetence which allowed hackers to steal passwords and credit card details and hijack accounts etc. etc.
You may, one day, have to back that up with a lot of spin and lies (see Microsoft and the endless XBOX scams - their attitude is "our customers are stupid - it's their fault" despite mountains of evidence to the contrary) but you have to ensure the basis of those lies is there in the first place.
"We put in place 2-factor security" - "we added a location-checking system" - "we added more secure (less rememberable) passwords" and so on.
The reason we don't have better security systems is that there's no money in making them tho. Customers wouldn't pay more for a 'more secure' login system and there's no real motivation for the service provider to spend more than is ABSOLUTELY necessary to keep things 'as secure as will keep your job safe'
So we're stuck with a lot of unnecessary and pointless shit masquerading as 'security - often for sites which have little need for it other than some fucker, somewhere "wanted your email address".