I will raise my hand and admit…
I looked what particular shade of red #E10600 is. Because Friday. Unexpectedly, the color picker I installed didn't have 400MB of extra dependencies.
"Buy me a beer?" Sure, I buy beers for perfect strangers all the time. But you will have to wait your turn. There is a queue, and the other strangers are more reluctant to accept my hospitality. It is already 11pm and I am still sprawled across the sofa. I had been hoping for an early night but fat chance now. Pride is at …
That's not a friendly colour, it doesn't make me want to donate anything apart from blood.
I find it very useful when American 'comedy' programs have a laughter track. It informs me what just happened or said was supposed to be funny. If it wasn't for the audience I would never have guessed. But I do wish they would cut out all that cheering and applause when a character comes on screen for the first time in an episode. The opening captions should inform us that "This program was filmed in front of a bunch of morons".
This is verging in to internet-taste-flame style territory, but I quite like Seinfeld. The characters are delicious - they are mostly amoral and never grow as people, and the situations their lack of morality gets them into is usually some excellent farce. Most of the humour is based around their morality, which makes it very human and timeless.
The other great thing about Seinfeld that has made it more durable is that there is very little in terms of long term story - as I said, these characters don't grow or evolve - so each episode is fairly standalone. Therefore, you can watch any episode in any order, George is still George, Jerry is dating someone new each episode, Kramer is nuts. You don't have to track if they were "on a break".
You don't have to track if they were "on a break".
I worry about the implication that Friends has become the bastion of plot development and story progression to which all else can only aspire.
But then I didn't get Seinfeld either, I was more of a Frasier aficionado.
Agreed, this narrative that Friends was the greatest comedy ever because hipsters in their early 20s think it's vintage really annoys me, I stopped watching it long before "we were on a break" become the go to punchline every time they ran out of jokes.
For American comedy of that era, Dream On was one of my favourites but that may be rose tinted memories as it was rather more adult in content than most of it's time.
Do you not have the card reading code generator that you have to insert your carte into and tap your PIN. So as to get an authentication code for each transaction, Mr Dabbs?
The one you don't travel with. And then work out you can use someone else's. From a completely different UK bank.
"From a completely different UK bank."
I occasionally verify the pin codes for all my bank account and credit cards - as they don't get used in anger very often. It was a disappointment to find that my Barclays and VISA pin sentry device doesn't recognise my Halifax MasterCard.
Configure your MS account to use an "alternative authenticator app" then remove the MS authenticator.
Same for Adobe.
Same for everyone.
What's this mysterious "alternative authenticator app"? One which does with six-digit TOTP codes and has backup, e.g. FreeOTP+ on Android. I just checked and it's not available in Tim Apple's walled garden though.
FreeOTP exists on the iOS App Store, as does Google Authenticator, Authy, OTP Auth - it's a long list of apps which basically all do the same.
I used OTH Auth for a while for its ability to choose which codes were visible from the logon screen so they could be used in case of emergency without logging in, but of late I have become a massive fan of Step Two, simply because of its very bold UI (not its integration - I abandoned Safari quite a while back and there's no plugin for FF). I now tend to store new codes in both so one acts as a backup to the other.
There are only two things that every decent OTP app needs: the magic code that the PIN is generated from, and a way to identify the account it represents. In Step Two that is both by whatever name you give it and what colour you choose, and that colour also comes back in the Watch app.
And I like simplicity when it comes to security.
"Damn smartphones and the apps that go with them."
The worst is security 2FA apps that require a postal mail to be scanned by your app. Because any time you loose/break your phone, you'll need to request this mail.
And if, like Dabbsie, you're unlucky enough to live in France, you already know you only receive 90% of postal mail addressed to you, so this one can be lost, while you need to work on your bank account fast ...
I don't hate smartphones but I do hate more than half of the crap they come preinstalled with.
Crap that is cunningly crafted so that if you disable it, important parts of the OS will no longer function.
In other news, the video was a piece of post punk, punkjunk, contrived and made to market to an audience, none of the genuine spontaneity of the original. I feel a little qualified to criticise having worked on the door at a couple of Sex Pistols gigs in the 70s.
So do I, that's why I don't have one. I think a lot of people assume that they are obliged to have one without questioning whether it would be of net benefit for them. It probably is for most people but I got fed up of shutting down an app which would relaunch itself 5 seconds later, the short battery life, lack of tactile feedback (ie buttons) and, of course, the data slurping. I didn't find I used enough of the apps to warrant having one over a dumb phone. Now I've got a CAT builder's phone, it's pretty indestructible and the battery can easily last over a week.
I hate smartphones.
As do I. Still I have one. Sort of. A Sony XperiaX that exclaims on startup that it can't be trusted[0], then offers me a screen with apps I deem useful. And just those.
It's also not my phone because I prefer phones that don't need to be recharged every night, so it get used more like a small form-factor tablet.
[0] Orly? how about all the info that ChocFac is siphoning off your phone while it's running its stock Android?
I don't know whether I hate smartphones or not. I bought one on sale. And I managed to set up wi-fi. Then I tried a few things. And the more things I tried, the less I liked it. So I never activated service. If I need to make a phone call, and I'm not at home, I use my 15 or 20 year old Nokia which doesn't aggravate me at all and costs about a third of what the cheapest smartphone service would cost.
I was using such a phone, a Nokia indeed, as my work phone until quite recently. That's when I got a call from someone in Ops Support whether I was still using a 2G SIM? Well, no, but it's in a phone that does 2G only. "$PROVIDER will cease offering a 2G network, so you'll have to change."
After a bit of cursory checking and finding that most of the 4G nonsmartphones were six of one, half a dozen of the other, I settled on some Alcatel that $PROVIDER was offering. Which turned out to be right in the middle of the 'meh' range I expected it to be in. But it works as a phone with little of the cruft[0] that smartphones tend to come with, and runs several days on a battery charge.
[0] which I have no intention of using, so why should I lug around a phone that offers them at the cost of battery life, and bulk?
I have recently (today) had to buy car insurance while trapped in the middle of nowhere without internet connectivity (Hangar Lane). According to my brother who did the paying, the reason you need a fisher price phone is because once in a blue moon you might need to contact some corporate behemoth and they don't provide a phone number to give them your money over.
After a 1/2 a lifetime in Computer Journalism, and training surely you know:
1) Random advice from colleagues is dangerous
2) Unless you have a team of more than 15 or a project the size of building & outfitting a hospital you know you don't need any Task List program (or Project manager sw, which I had to keep explaining to people that it's sw for a project manager of giant projects, it doesn't manage).
1) Nothing wrong with good passwords, different for every site. Money related ones in the paper address book kept safely (never with phone/tablet/laptop), others in the browser with a master password. So only need to remember two, but written in the book in case you die suddenly; note some kinds of deaths destroy your phone too.
2) SMS is not secure. Someone can either intercept it or even setup your number.
3) SMS has no guaranteed delivery or latency.
4) What happens to the 2FA when your phone is lost, broken (stupid model with virtual SIM) or stolen? A backup phone can't easily get the same number unless you are the expert criminal in item 2. A backup phone/tablet/computer can use the same email address as a broken one
5) properly done email can be safer than SMS or an App.
Intercept: out of the many emails I get every month, only spam now ever arrives at the server without an encrypted connection, so intercept is a bit harder now. Thank God, IMHO.
Spoofing: yes, if the sender doesn't set up at least SPF records you will have that problem. Before anyone mentiond DKIM, yes, fine, but I object against a "hello world" email acquiring another 5k of ballast (especially looking at you, Microsoft).
5) properly done email can be safer than SMS or an App.
email is a bit of a potch as well... I use a website that insists on using email 2FA; they have set the timeout to 1 minute.
So you have to swap to the email app, once the email has arrived, open the email, copy the code, swap back to the website, paste the code in and voila, one is finally logged in.
Trouble is that the phone may have other ideas, the email app may crash, they keyboard app may crash, the phone may be sulky about checking for new mail, there may be an "a" in the day name, who knows? it usually takes 3 or 4 goes to get it right.
What is the website? One which allows me to control my christmas tree lights! (No not IFTTT)
Yes email well done might be as secure as SMS (certainly no more secure if you are talking SMTP) but you try finding 'well done'' in any software these days.... you may get patches of brilliance, however, in general, website code appears to be written by the lowest bidder using copy and paste from Google searches for functionality, or the VSCode "AI" that steals other people's copyright code.
A backup phone can't easily get the same number
My provider offers the option of a second SIM[0] that you can stick in another phone for an emergency switchover. Of course, they state, you can not have both phones active at the same time; that second SIM is in its predestinated phone with a fleck of kapton over its contacts.
[0] you're actually getting two new SIMs, as they have to do something unmentionable to get the PINs to match.
Quote: "The screen changes to something apparently designed by a MySpace fan: clunky fonts, non-adaptive layout, impossibly tiny text (some of it underlined, some of it – gulp – flashing), 3D-chisel-bevel buttons… in other words, an authentic banking confirmation page. I pinch and zoom four times so I can read what it says: it's telling me I have to enter a six-figure code that has been sent to my handset by SMS."
Had the above thanks to Verified by Visa just yesterday.
Picked up the car from the garage after a successful MOT, but their card reader system wasn't working and they asked if I could pay-online instead? I said yes.
Typical options, Visa, Paypal etc and I selected Visa. After entering card details, this inevitably triggered the Verified by Visa screen.
So on a typical phone screen, ~6" diagonal, so about 7cm wide, the Verified by Visa screen itself was at most, about 2cm wide, surrounded by white space. Zoom in, some text, and a Next button. Click Next, hmm, it's tiny again, so zoom in, it now want's to send an SMS, click yes, it's tiny again, zoom in, we now have a box to paste the 6 digit code into and so on.
Seems Verified by Visa simply ignores the fact you're on a mobile device, and scales to a desktop screen instead, so zoom, click, zoom, click, zoom click, aaarrrhhh!
Icon --> As that's what should happen to the devs who created the abomination that is Verified by Visa UI.
Verified by Visa is a joke - every time I've encountered it I *always* click on the "forgotten my password" button and it asks me for the same personal data (card number, name on card, etc) that someone trying to fraudulently purchase would have already just provided this to an online merchant before being redirected to Verified By Visa, the only "new" (i.e. additional) bit of personal data needed to change password is Date of Birth which for any fraudster who got this far (with card number, address, etc) would likely have been able to also find this out.
VbV is just smoke-and-mirrors, security theatre!
Two factors: User Id and password.
Count them. Two.
Why don't we call these two factor ID/
Because some numpty at some point decided that the user's email address was a piece of secure, unguessable information that could be safely used as a user ID and would save on the effort of keeping a separate email address. And the lemmings followed. Because most people only have a single email address they use the same user ID everywhere, reducing its authentication value to zero.
So now we have to have an additional, how many hoops can you jump through, "factor" and call it 2 factor authentication.
Yup. The difference between identification and authentication is sadly something that most people don't pick up on. They are not the same thing.
Identification proves who you are.
Authentication proves that you are consenting to this security check.
Which is one of the problems with using fingerprints to log in to phones. They are identification, not authentication as in theory somebody could press your phone against your hand whilst you sleep. That proves your identity, but it doesn't mean you consented to that log-in.
"Authentication proves that you are consenting to this security check."
By the time you've entered the password a second time and entered two digits of the pre-arranged security code a second time the SMS, should it arrive before time out seems a bit superfluous in terms of authenticating that you are consenting to the check.
And let's remember that the bank, should they ring you up, will be totally unable to distinguish themselves from any random phone phisher.
They will also fail to reply to any emails requesting that they confirm whether of not the marketing spam, laden with links, sent in their (noreply) name from some 3rd party professional spammer digital marketing company professional spammer is really theirs or not.
"sent by means of non-arriving SMS messages"
Just this.
Tried to make a payment this morning. After jumping through the hoops of enter password again and enter two digits from security code again they send a text. Phone which was supposed to be charging wasn't.. Hastily plug it in properly. Request resend. Request it again. Nothing. Eventually 3 texts arrive by which time the payment page has timed out. If I try to go through the whole thing again will it send duplicate payments? Who knows with this wunch of bankers? Thank goodness I still have a cheque book.
What about when somewhere in the distant past you were forced to set it up, and are suddenly confronted with 'what is the name of your pet?' (if that, indeed, was how they decided they were going to do it back then).
Uh-oh. Did I use the cat, or the dog we used to have? And did I capitalise the first letter or not?
My online share dealing account uses such a system, and fortunately I use it often enough to know (but still sometimes forget the first letter capitalisation if I'm in a hurry). But every now and then, another site will ask a question it hasn't asked for a long time, and password recovery is the order of the day.
My Halifax bank account is the worst, though. You have to enter three characters from dropdowns that correspond to random characters in the complicated and hard-to-guess (and equally hard to remember unless you wrote it down somewhere) magic pseudo-word you had to create initially.
And it got worse when I opened an account for my dad during the lockdown, and for some reason left one lower case 'L' as 'l' in the pseudo-word, but got clever with the second occurrence and used a numerical '1' for that. Then promptly forgot I'd done it. Stupid system waited for a couple of months before it wanted that second character, and I was stumped until I looked closely after almost being locked out.
Nationwide are currently driving me in circles. HMRC want to know how much peanuts interest Nationwide paid me for tax year 2020-21. The same every year. When I give them the information over the phone they also ask for all the details of the account. Why can't their computers talk to each other?
Discover that Nationwide no longer send out paper copies of the information and expect you to go online. Usually I would go to the local branch and get my passbook updated - but I am taking no unnecessary risks with Covid.
Start to create a login. All goes well until it says they need to send me a verification code - and it then says they don't have an email or SMS number for the account. A letter will be sent to me at my registered address with a magic hidden number.
Letter arrives with details needed to login. Try to login - needs verification - and they don't have an email or SMS for the account. (Sound familiar?)
Did the local branch ever ask me for that to register for the future?
To register the details I have to post them my passport - or go into the local branch with it.
Ring the probably generic number to talk to my local branch to see what hoops are in place for Covid visits. Phone stops ringing - and then disconnects.
I have good mind to close my old age nest egg account of over 20 years and find another mutual.
"Ring the probably generic number to talk to my local branch to see what hoops are in place for Covid visits. Phone stops ringing - and then disconnects."
Today I girded my loins for a visit to my local branch - my first non-medical foray in 18 months of isolation. The branch looked rather dark - "Closed for refurbishment until November" .
What about when somewhere in the distant past you were forced to set it up, and are suddenly confronted with 'what is the name of your pet?'
All my pets, parents, parents' birth places, schools, first loves, streets and whatever else they think they can authenticate you with are curiously enough named "forgotthat", in a particular bastardisation of a local dialect[0].
[0] Easy enough for me to remember the exact spelling, plus I have to use that sufficiently frequently to keep it fresh.
A user id never was a security proposal. What it is is another detail the user needs to remember for almost always no reason. I have a username here to identify myself to you guys, and in fact I don't even know why I set it to what it is--I couldn't think of anything back when creating the account and went with this one. For other things where I don't need a pseudonym to label myself, there is no purpose in a custom username. It's another thing to memorize, and it doesn't secure anything.
You assumed Paypal is any different from banks security wise.
A few days ago I tried changing my Paypal password. The new password is generated by a password manager. I don't care what the password is, it's all asterisks to me. Copy paste exists after all.
"Your password should be 8-20 characters long."
Ugh, grumble, but OK. Let's shorten it.
"Your password can only include letters, numbers and these characters: !@#$%^&*()."
What? It included some "7 bit" ASCII chars. What is this crap?!
Also reminds of how I lost access to my work related Apple Developer account. The account was used to manage Apps not only for my company, but also clients' companies. Don't use iOS devices though, only for testing and those have separate non-Developer accounts of course.
Apple reasonably decided to require 2FA. But to set it up it wanted me to answer the password recovery security questions. These I had initially answered with random be cause my password is more secret than my mother's maiden name and I use a password manager. I'm not a toddler. Or may be I am for assuming Apple Security not misusing retarded security features.
So I couldn't answer the questions I should have been asked only when I lose my password which I didn't lose. Talked with Apple support multiple times about this, no solution.
Even though I could access my account (new user/pass) and had access to the associated work email and still worked there etc and could be vouched by other "Aplle Developer team" members, once the deadline for 2FA activation arrived I was locked out.
This sort of thing makes me wonder just how maintainable the name-space for usernames is.
Because many organisations have a very sensible policy of not re-using usernames, for some long lived services, eventually new users will not be able to find a name that is unique or relevant.
My name is pretty unusual, but I know of at least three others with the same first and last name as me, two of them in the UK, and this causes me issues when people try to guess what one of the other's mail address is, and mail for them lands up in my mailbox (I got in early enough that I got my name as a user account in several mail systems).
I don't want to see their medical bills, although I was tempted to attend an invite to the British Embassy in Dar es Salaam for a formal event, although the plane ticket would have been a bit steep.
The company I work for have AD user names that have no relation to the user's name or identity, it's just three letters and four numbers, randomly (I assume) assigned. I guess it's pretty secure (by being obscure), but the mental lookup table I use when trying to work out who the other people logged onto the same network devices as me are is having indexing issues...
Security by obscurity is no security
There are reasons why having random user names might be useful, rather than user names based on a person's identity (phishing attacks), or sequential identifiers (automated / rainbow attacks), but you need to have other, stronger, measures in place, to protect your logins. You should be working on the principle that user names are known, and the attacker is trying to crack the password. Adding 2FA into the mix means the attacker also needs to physically have the 2FA device, or be able to spoof it, as well.
Which is more work, so it is harder. If you want it to be even more secure, keep disabling the easiest method and adding another one, like this:
1. Don't use SMS, so SIM swapping won't work.
2. Make the user have a passcode on their phone, so simple theft won't work.
3. Make the authentication app have a custom unlock code, so stealing a phone after somehow extracting the device code from the user won't work.
4. Etc until you are happy with the level of difficulty and risk you're dealing with.
Having just a password is around -4 on this list.
The difference here isn't that the attacker can't do this, but that it is much harder. They need the username, and the 2FA device, and then they can get to work trying to crack the password. If the auth provider has any sense at all, they will have an escalating delay on failed password entry as well, to prevent dictionary attacks, and such activity should raise an alarm somewhere.
The most notable difference here, though, is that the attacker needs the 2FA device for every account they are trying to crack, so in practice are going to have to go after one user, and not any user. From a security viewpoint, the attack surface is greatly reduced.
I could have had any of the following roles - cardiac surgery fellow, waterpark worker, brain surgeon, senior company photographer and more....
More annoyingly I keep getting final demand for payment from frontier telecom and Direct TV despite not living in their service areas (and yes I tried asking them to stop emailing me as I wasnt their customer), had to file a complaint with the Australian FCA to force National Australia Bank to stop emailing me, they refused as I "wasnt their customer", so I went the data protection route along with "keeping accurate records" and the AFCA agreed....
Same here in the UK with MBNA. They kept sending me statements but refused to deal with me as I wasn't their customer. After some significant research, I found a way to contact them and basically told them to check and update their records or I'd be passing the info onto the relevant authorities. I even gave them my mobile number with a strong disclaimer to not use it for any other purpose than to contact me over this specific issue. Someone from their security team actually phoned me! Wow! After a bit of toing and froing, we agreed I was getting these emails and was not the intended recipient and this was a problem for them to deal with. The emails stopped. A year later, they started again. Did the account owner not know his own email address? Did he think he could just make one up and it would magically work? Did MBNA have an outage the meant they restored from an old backup? No idea, don't care. Sent them an email, CC's to the relevant authorities and set up a rule on my mail server to to "bounce" any more of these statements from them to any and all MBNA official accounts I could find.
I used to work at a site where we were allocated mail accounts in the same system as our customer. At the time that system was Lotus Notes. There were two people in that worldwide system with my surname.
I was listed as Andrew, the other one was listed as Andy.
People sending us email commonly took the first person with the surname that they noticed.
So he forwarded stuff to me about IT, and I forwarded stuff about his job.
And when I visited Brisbane on hols, we took up our longstanding promise to partake of a beverage or two.
I'm starting to avoid services that require you to load apps on your smartphone, partly because I object to my phone becoming cluttered, and partly out of principal to defend the rights of people who don't want/need a smartphone.
I once checked in at a highly automated hotel where you could not access the WiFi, or even book breakfast without loading an app on your phone (I didn't, and made a pain of myself in the restaurant in the morning - why do I need to pollute my phone for a one-night stay in a hotel I never intend to use again).
My phone has enough junk on it that I actually need without having loyalty apps for all of the retail outlets that I use, and goodness knows how many of the other things I already ignore. I just have to see "Have you tried our app.." for my blood to start boiling.
I'm happy to use smartphone apps for things that are genuinely useful to me (and have been since I got a Palm Treo over 15 years ago), but I refuse to be dictated to by organisations trying to replace workers with poorly thought out, badly written junk, and that's ignoring all of the tracking that many of these apps use to mine data about me from my phone (this [trivial] app require location services to be turned on, and access to files and the address book on your device).
It's making me consider going back to a dumb phone.
The only 'required' app I have on my phone is from my bank because they told me without using it to authenticate online purchases, I would not be able to make them.
I discovered that purchasing through paypal seems to be a one time authentification, so now all of my purchases go through paypal whom I trust more than my bank and have the app disabled most of the time.
When it is on, most of the absurd list of permissions are denied.
Any service that demands I use their app is not a service I use.
Not got anything to do with smartphone apps, and everything to do with the fact that I never learned all of the English grammar rules.
Everything has to sound right when spoken, and sometimes things that sound right (to me) are wrong. It's going to be difficult to change at this point in my life.
poorly thought out, badly written outsourced junk so when it does not work you cannot even complain to the monkeys that created it. Happened to me more than once with a supermarket 'fidelity' app you can use to 'activate' your discounts except it didn't.
Being an old codger, the last time it didn't work the cashier told me that there was nothing she could do, so I politely asked her to call someone that could do something about it. Of course no one could, and I got the discount anyway, but the cashier and her supervisor mentioned that it happened quite frequently...
Now get off my lawn.
In my experience, online French banking knocks off work when the staff do (I suspect every transaction still has to be approved manually), so forget about buying stuff in the evenings, at weekends and often on Mondays. They still put the verification pages etc. up, but it's only for appearances.
Only if you insist on attempting to speak to it in English. Try the tiniest bit of school O level French on it and all of a sudden its attitude will improve dramatically.
It's only human and hoping for a little bit of respect, after all.
Good morning Mr. Dabbs:
Reading your column (today) made my morning sunnier.
Your smartphone woes and the plight of those who cared to share theirs made me aware that I am not alone in my refusal to use one instead of a Blackberry 9620 which (as a phone) works perfectly well.
I would not dream of using any sort of portable as a banking/payment terminal.
Have a good week-end.
O.
Whenever I see 8 - 20 characters all I can think is they're storing my passwords in plain text at best some sort of 2 way encryption (which is as bad) morons!
When they prevent you using pasting into a password box, whoever came up with that needs stringing up by their balls.
My password policy 8 chars minimum and you need to score a minimum of 3 on zxcvbn's complexity the upper limit is 4000 because it has to be set somewhere and it doesn't matter since its one way random salted hash. DON'T USE BCRYPT (most/all implementations truncate at 72bytes (sigh))
Alistair tells it like it is.
We need to get and there and PROVE that these security-obsessed arseholes are the first against the wall come the revolution.
I love that my bank and credit card claim, by making their use impossibly difficult and resulting in multiple unwanted cancellations, to be trying to save me from 3rd world thieves. No, you're not. Be honest. You're trying to save yourselves from first world thieves by adding to my inconvenience. You forget that it's YOUR business and YOUR problem if you can't make it work reliably. Fix your own bugs. Don't pass them on to me. That is specifically what the banking regulations making you responsible for fraud were intended to so stop wriggling and stand up to the plate.
Canada. VanCity Credit Union, except that they just foisted a new and ungainly login scheme that is honestly bad enough that I'm abandoning them.
What frustrates me most though is that the most labyrinthine and non-standard password restrictions are invariably for some crap entity that I will never use twice in a year.
What frustrates me most though is that the most labyrinthine and non-standard password restrictions are invariably for some crap entity that I will never use twice in a year.
The password entry box had an accompanying text stating that my password had to be "At least 12 characters, of which one digit and one non-alphanumeric character".
Entering "atleasttwelvecharactersofwhichonedigitandonenonalphanumericcharacter" it horked up an error that it was too long[0] and didn't conform to the set requirements.
[0] What hidden part of "at least" was there that implied "not more than"?
I was recently working on a desktop refresh and Office 365 migration project, and one of the goals was to move everyone to MFA via MS's Authenticator app. We had a very high failure rate and a lot of calls from users who couldn't get it working.
Turns out that around 60% of users didn't read the instructions fully, so instead of scanning the QR code they should have generated on the MS website to sync the Authenticator app they were scanning the sample code that was on the instructions PDF.
I'm sure I don't have to talk about how easy it is to give them your money.
People need to learn from this, or else Bezos is just going to get richer and richer.
The other day I wanted a particular item, so I went to their website. After dealing with the fact it only worked in Chrome and not Firefox or IE, I finally found what I wanted. It took 3 attempts before something appeared in my shopping cart. An attempt to pay gave me "Routing Number Unknown" despite the fact I was paying with a credit card and not an e-check.
Fuck it. I went to Amazon and purchased it in less than 4 minutes, "free" shipping no less.
PrimaryBid started off as a great way to invest in offerings not usually available to Private Investors. Login to their website, select the company you are interested in, and away you go.
Can't do that anymore. It's all App-based. Had to ring their Helpdesk too many times to do exactly the same thing that previously took a few clicks on the website. I don't bother now...
Will someone let me know if they ever see sense and revert back?
BT have updated their "Report a scam call" page. A few new questions have been added - like "who did the caller claim to be?" which surprisingly didn't include "Microsoft" as a tick box option.
Having given them the number you were called on - they then ask if it was "landline" or "mobile". Do they not know the UK number group differentiators?
They finally ask if you would like to complete a survey. This then ignores your previous "NO" tick boxes - and assumes you fell for the scam. Navigating through the questions you use "NO" a lot. Finally the form will not submit until you give them some information which is predicated on a preceding tick box "YES" - to which you had already answered "NO".
Even a work experience 14 year old would have made a better design job of it.
OK, so I have to admit that I have attempted to make a donation to a free web site and failed. Alpertron (I'm an occasional user nothing to do with the developer) does mathematical calculations, very very well. In particular I have used it to find factors of quite large integers, and it is excellent, maybe I'll have another go now he's got a PayPal account.
The web site is at https://www.alpertron.com.ar/ECM.HTM