It is currently Sun Nov 19, 2017 7:30 pm

All times are UTC - 7 hours





Post new topic Reply to topic  [ 9 posts ] 
Author Message
PostPosted: Fri Apr 01, 2016 7:37 pm 
Offline
Formerly 43110
User avatar

Joined: Wed Feb 05, 2014 7:01 am
Posts: 313
Location: us-east
Update: if you get a email that's signing up a twitter account for you Click the "not my account" link. if you fail to see it, read the HTML part of your email.

tl;dr: Angry rant against twitter, Yet another decade I'll not be in social networks.

This year for nesdev I had planed a joke interaction where I implied that I lost interest with developing NES games and quit in favor to develop independent video games. In my farewell message I was going to include a link to a twitter account, because all indie game developers have twitter accounts. The account was mine in 2009 but I since abandoned it. The abandoned account was reused by a spammer and got suspended, so it would of looked like I got suspended. As soon as someone pointed that out I would of proceeded to create a new true account.

But here's the twist. This morning some jerk spammer used my email address to sign up for a account and promptly got suspended. I did not confirm that sign up but twitter refuses to accept my email address due to it "being used" despite that I *never* confirmed it! On top of that it seemed like the only way to talk to twitter at all is to log into the account created at my expense. I filed out their forms but I don't think I'll get a response back, as it seems the system won't care until I link some cell-phone number.

The end result is that yesterday I was able to sign up for a twitter account without a phone number, but now for no fault of mine I can't, and the system (like many other systems since 2013) will continue to bully me into giving up a cell-phone number I'm not free to give. So now when people ask why I'm not in social networks, I can answer it's because those systems refuse to have me.

The joke's on me.

Edit: Changed thread title.


Last edited by JRoatch on Sat May 27, 2017 9:02 am, edited 2 times in total.

Top
 Profile  
 
PostPosted: Sat Apr 02, 2016 7:02 am 
Offline
Formerly AlienX
User avatar

Joined: Fri Apr 18, 2014 7:41 am
Posts: 133
Location: Bulgaria
Yeah, this whole "give us your number" thing is complete bullshit. The only other solution I can think of is just making another E-mail address, but I'd understand if didn't want to do that (I've got a "work" and personal E-mail and I barely check any of them, so that's why this doesn't phase me). Seriously, why should they ask for a freaking cell-phone number? What if by some weird chance the person doesn't have a phone? (Seems crazy today, but I wouldn't be surprised to see a person like that) What if the person just doesn't want to give personal information? I don't really know what they should ask for, in case something goes wrong like this.

_________________
Greetings! I'm That Bio Mechanical Dude and I like creating various stuff like movies, games and of course chiptunes!
You can check out my YouTube Channel.
You can also follow me on Twitter.


Top
 Profile  
 
PostPosted: Sat Apr 02, 2016 7:11 am 
Online

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19232
Location: NE Indiana, USA (NTSC)
Ability to receive SMS at a particular number is used as a means of password recovery or of two-factor authentication. Password recovery ensures continued availability of your account should you forget your password. Two-factor authentication ensures continued unavailability of your account to attackers should an attacker guess your password.


Top
 Profile  
 
PostPosted: Sat Apr 02, 2016 9:05 am 
Offline
User avatar

Joined: Mon Sep 15, 2014 4:35 pm
Posts: 3111
Location: Nacogdoches, Texas
I'm really not sure as to why these websites are so crazy in how they want your password to be. I made a 8 letter password that nobody would be able to guess, unless they were like some sort of renowned super hacker or something, and then one day, they decided it wasn't good enough and wanted me to put in four numbers too. (Which is annoying, because it's now off from all my other passwords for everything else.) Why do they care so bad? I can't even list one person who'd want to break into my email. Could they get sued or something?


Top
 Profile  
 
PostPosted: Sat Apr 02, 2016 11:12 am 
Offline
User avatar

Joined: Wed Apr 02, 2008 2:09 pm
Posts: 1035
Espozo wrote:
I'm really not sure as to why these websites are so crazy in how they want your password to be. I made a 8 letter password that nobody would be able to guess, unless they were like some sort of renowned super hacker or something, and then one day, they decided it wasn't good enough and wanted me to put in four numbers too. (Which is annoying, because it's now off from all my other passwords for everything else.) Why do they care so bad? I can't even list one person who'd want to break into my email. Could they get sued or something?

Don't think about you. You're not the only one the service is for. Think about people dumber than you. It is significantly easier to force a "good" password than it is to deal with the support emails from a person who has been "hacked". If someone guesses my password because my password is "password" (which by the way, is also an 8 letter password), I'm still going to want my account back. I'm going to have to contact twitter's (or whoevers) support, and some person will have to help me and verify I'm really the owner of the account.

And doing that for just five people is probably more time consuming than the simple string check they had to write to force passwords to be at least slightly harder to guess at random. And it's true that this alone doesn't stop bad passwords, like p455w0rd. But dumb stuff like that can also be filtered out in much less time than the support they'll have to deal with for account compromises.

_________________
https://kasumi.itch.io/indivisible


Top
 Profile  
 
PostPosted: Sat Apr 02, 2016 1:00 pm 
Online

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19232
Location: NE Indiana, USA (NTSC)
The password complexity policy I use on sites I've developed is 16+ characters with at least one letter or 8+ characters with at least one letter or digit. Longer passwords can skip the digit because they are assumed to be passphrases.


Top
 Profile  
 
PostPosted: Sat Apr 02, 2016 1:17 pm 
Offline
User avatar

Joined: Mon Feb 07, 2011 12:46 pm
Posts: 932
For email I run my own server, so do not have to worry that someone else can access it or whatever, as I can easily add and remove as many aliases as I want. However, I do not have a cell-phone and do not want one. For two-factor authentication, there are stuff such as OpenID; an OpenID server could implement as many factor authentication as they want to, and can be based on whatever you want to be based on.

_________________
.


Top
 Profile  
 
PostPosted: Sat Apr 02, 2016 8:53 pm 
Offline
Formerly 43110
User avatar

Joined: Wed Feb 05, 2014 7:01 am
Posts: 313
Location: us-east
I've been seeing phone requirements as a punishment, especially since when it's brought up due to "abnormal behavior". but here's the bigger issue I see:
Twitter accounts unconfirmed with any third party identity provider are able to do enough to break the rules, and cause demerits to that third party identity. You can as a malicious actor go through every valid email address you have in your files not already used for twitter and systematically cause them trouble. At this point twitter should stop pretending that cel-phones are optional.

As for the passphrase discussion:
Keeping in mind the possibility of database compromises with beefy password crackers, the entropy requirements for sufficiently secure passwords today are far above human rememberability. Therefore use a password database. If you are unable to manage an encrypted file, use paper (yes paper).


Top
 Profile  
 
PostPosted: Sun Apr 03, 2016 7:56 pm 
Offline
Formerly 43110
User avatar

Joined: Wed Feb 05, 2014 7:01 am
Posts: 313
Location: us-east
I am such moron.
I failed to see the "not my account" option in that initial email, due to the plain text version not having it.

I clicked that link and now everything's OK.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC - 7 hours


Who is online

Users browsing this forum: Google [Bot], Memblers, tepples and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group