Discussion in 'Ham Radio Gear For Sale' started by AA7BQ, May 19, 2019.
Do you use LOTW?
2FA is not the end-all, be-all of login protection. A cellphone is a woefully insecure place to keep a private key, and anyone with physical possession of or remote access to a cell phone can retrieve the private key used by 2FA apps.
This is especially worrisome now that people are using fingerprints and facial recognition to unlock their phones since both of these phone lock methods are trivially easy to defeat.
All I'm saying is, don't let 2FA lull you into a false sense of security. At best, it just adds a couple of steps the scammer must go through to gain access to your account.
My big question is, what is QRZ.com doing to protect the credentials that are sent in to verify identity? Are those images destroyed? Are they stored? If they are stored, what security measures are in place to prevent the theft of thousands of government IDs?
My concern as well. Which is why I asked if an ID with all but picture, name, and address obliterated will be acceptable.
Such an ID is adequate to register for Alibaba (Not AliExpress) transactions!
As an aside: Will ANY government's ID be valid for registration?
See last item under Unacceptable Behavior below:
Welcome to 2019
I think Nigerian government IDs may be suspect...
You actually have to read and understand Fred's message. He said you can continue as you are for everything on QRZ except listing an item on the swap meet. If you want to post an original ad then you will be required to use 2FA and become verified. Simple.
I think this is serious overkill. My bank does text authentication and it’s OK for that circumstance but for a swap meet? Give me a break. People just need to use common sense to protect their passwords. Keep your device up to date, don’t give out your password and don’t log in through links to QRZ.
To deter scammers I suggest a rule change to limit payment by check or money order to only small transactions. IMO - A lot of extra due diligence is required when the seller is refusing payment through services like PayPal that offer some fraud protection. It usually isn’t a deal killer to bake the 3 to 4% fees into your asking price.
I also suggest removing classified posting privileges from users that have been hacked until:
1. They identify how they were hacked
2. They demonstrate what they are doing to avoid future hacks.
My Lord, you complainers are ridiculous! How many of you actually pay / donate to this site? DON'T LIKE IT, MOVE ON! Post somewhere else!
Is it a perfect solution? NO. But, like the wall, it's better than nothing.
I also don't believe in "smart phones" and have not had one since it was hacked into back in 2009. The "verified" process sounds a lot like what Craigslist does to prevent users from having multiple accounts. I have a voice mailbox since 2000, but it can't get a text, just a voicemail or fax. Also for now I don't even have a landline phone due to lousy service with companies hiring people who don't know how to perform their jobs.
I asked them to consider the "security" questions option for cases like mine, but they too wanted to use that Google type system, and they don't realize there's a decent percentage of people still out there who dislike and avoid Google like the plague.
The downside to offering just one method is that if it develops issues like software glitches / bugs, hacks, etc., everyone is destroyed.
I'd like to see the option of creating your own security questions, or picking them from a drop down list, or a combination of the 2.
What I didn't like about the "verification" by phone on Craigslist was my voice mail line was not compatible to get the text, nor could they call it and leave the security code. Would have been neat if they could fax it, probably not a hard thing to write an app that would send a fax, could be some out there already that could do that.