Log In | Subscribe | | |

Let's make all logins use an OTP

Editorial Staff

This conversation did not happen but it's easy to see how it might have done... An On Line shopping service brings in an IT Security Consultant.

Company: I can't even read SMS easily, then I have to manually key it into my desktop keyboard. It's all very inconvenient. And the range of places my phone could be are infinite: it may be in any of the rooms in the flat, in the car, in last night's hotel room, on someone else's bedside table or left in a bar, on an aeroplane or dropped in a toilet in a random bathroom. Moreover, if we are sending through a bulk SMS service that spammers use, people like me have blocked those incoming numbers so messages won't get through anyway.

ITSC: I'm going to write my recommendation to the Board and it will say we should use OTP on each log in regardless of the device used to log in. I note your objections but they don't affect my advice.

Company: Right. You do know that the dog's just an excuse, don't you, and that you are such a prick that she'd leave you anyway? Now, let's get onto the question of how we identify and cross-refer payments made into our bank by bank transfer. I understand you've got some way of dealing with that which leaves the customer to do all the work, where we don't cross reference money that comes into our account with orders placed and if a customer cancels an order, you think we should hold onto their money and tell them it's in a wallet that they can take the money out of when they want to instead of just doing the decent thing and sending it back where it came from. Also, when they send a screenshot of the payment, our graphics filters will make otherwise clear images unreadable. Genius. Let's find out what your reasons for all of this are.

ITSC: We'll have to have meeting about that on another day. I've got something to do now.

[That meeting never took place: the ITSC made his recommendations as to the making of payments by bank transfer and they were accepted]


Conversazioni Fittizie is satire. That means it's not true. It is comedic writing with an edge. But it's not true. So, because we make that clear, we cannot be sued for libel. If you read our material anywhere else on the web, it has been copied without our consent. We specifically deny any right to reproduce our material for any purpose whatsoever, including in the USA where people steal all kinds of stuff, then put a note on it saying something like "I don't own this - I'm just posting it for education and/or research purposes. Well, screw that: this is pure entertainment. No education or research value here. If you want to copy our content, do a syndication deal and pay for it. People who illegally copy and republish our material are criminals. Further, this is satire. If you believe it you're an idiot and should not be allowed near deep water, traffic or a computer. Nothing in the above article is true. The conversation did not happen. At all. Ever. Is that clear?