To unlock this locked door, simply press the “Open” button located on the inside. Continue reading Google two-factor auth gets its knickers in a twist… again
Look quickly at the above image and tell me what you would type in the second textbox. Yes, it’s the password box, to go with the “Apple ID” above it. But if you look at the dialog, what’s going on with the confusing radio buttons and icons to the left? Am I supposed to click the radio button next to the Apple logo and then type in my Apple ID, leaving the bottom one empty because I’m not an AOL user. If I’m an AOL user, do I click the circle next to the AOL logo and type my details into the textbox next to it, leaving the Apple one empty? After all, in most dialogs the textboxes have labels to the left, rather than above.
Wouldn’t it look better if the AOL/Apple choice was above the textboxes, making it clear they have nothing to do with the boxes themselves? It’d also be good if the “Forgot password?” link was more obvious and didn’t look identical to the “Example: firstname.lastname@example.org” text which you can’t click on. Like this:
For fuck’s sake.
Last week I managed to mess up while logging into my Natwest online banking. For some reason the system forgot who I was and wouldn’t let me in, instead suggesting I re-register. So I did, choosing a new password and suchlike.
Because I’d just re-registered they needed to send me an activation code through the mail to unlock all the extras that the online banking can do. Fair enough, the letter arrived yesterday.
Today I try to log in and … it doesn’t know who I am again! I’m fairly sure I got my password correct, but either there’s a big cockup with my account or I didn’t.
I will now have to re-re-register and await yet another stupid authorisation code. This time I will take the highly insecure action of writing my password down on a bit of paper and keeping it safe. Online banking – you have failed. You’re asking for too many codes and bits of password and sequences of numbers to veryfy that I am me. You gave me a two-factor authentication device that I have to use when making bank transfers. Why not use that?
Produce a challenge code that I have to key into my authorisation machine, and then provide my response as another code? If my card’s PIN is secure enough for withdrawing cash, and physically having the card is secure enough for buying things online, then the system should be good enough for online banking, no?
Or just ask for random parts of my personal details each time, it’s what you ask when I forget my password… why bother with making me remember something extra that I have to write down because I am too overloaded to fit it in my brain?
For some bizarre reason I woke up at half seven. Even more bizarre is that its now half eleven. Where did those four hours go? All I’ve done is fiddle with my website a bit.
WordPress has been upgraded to the latest version, and I think I’ve managed to make the OpenID stuff work again. It seems to like my LiveJournal ID and my Flickr one. It positively hates the OpenID I created myself using phpMyID but it probably doesn’t make sense for me to log into my own site using my own… site 😉 My own OpenID worked with Blogger, so it’ll do.
For some reason the Subscribe to Comments plugin isn’t working either. It’s hard testing this stuff, browser caches and cookies tend to get in the way. I spent ten minutes debugging this stuff only to find my proxy had cached the site and wasn’t really serving the updated content.
I’m running VMWare Fusion on my Macbook. In it is an instance of Windows XP. I have a Samba server on my network that is configured to be a domain controller. If I connect my Macbook to the wired network, VMWare Fusion will create a bridged network device and the XP instance gets its own IP address from my DHCP server.
Irritatingly, if I use the Airport wireless connection, the VMWare bridging doesn’t work. I get a message saying /dev/vmnet0 doesn’t exist. After a bit of reading and asking it seems this is because Airport cards don’t support promiscous mode, which is needed for VMWare’s bridging device.
So since the Windows instance then has to use NAT, it gets given an IP address for a tiny private network living in my Mac, which is totally unreachable from the outside world. Also it means any broadcast messages to discover network services won’t go out onto my real network. The main one being Windows saying “hello, is there a domain controller out there?”.
Took me ages to work out that putting the Samba server’s IP address into the WINS part of the XP instance’s network config solved that problem. I can now do a domain logon over a VMWare NAT connection that is using the Airport card in my Mac.
I still haven’t solved the issue where I need the domain controller to be reachable in order to log in at all. Since this is a laptop it’s a bit of a failure if I can’t log into it with the usual profile when not plugged into my network. I don’t want two profiles as this will cause a right mess of duplicate settings, and me having to configure everything twice. I also don’t want to point the local user’s profile at the cached copy of the network user’s local profile. Somehow my work laptop is configured to allow me to log into the domain, even when the PDC isn’t there.