On 7/13/2024 5:44 PM, micky wrote:

> for 20 years I carried 60 dollars in travelers checks in the trunk,
> but I stopped. I've thought about starting again.

Travelers checks?? My emergency stash hidden under the floormat was
cash cause everybody takes cash...

On 2024-07-13 18:39, AJL wrote:
> On 7/13/2024 5:17 PM, Alan wrote:
>> On 2024-07-13 17:06, AJL wrote:
>>> On 7/13/2024 4:20 PM, Chris wrote:
>>>> AJL <noemail@none.com> wrote:
>>>>> On 7/13/2024 11:45 AM, Chris wrote:
>>>>>
>>>>>> Most people use the same passcode on the lock screen as for
>>>>>> (banking) apps
>>>
>>>>> I doubt that. Any links...
>>>
>>>> https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2
>>>
>>> The link is locked for me...
>>
>> Try this:
>>
>> <https://archive.is/OsN5j>
>
> That link worked. Interesting article. I also live in a large metro area
> (Phoenix AZ US) and the same stuff happens here.
>
> But you said: "Most people use the same passcode on the lock screen as
> for (banking) apps" and I saw nothing in that piece to verify that.
> "Most" being over half the phone using population. I still doubt that
> assertion but also can't prove otherwise...
>

I didn't say that.

Sorry.

In comp.mobile.android, on Sat, 13 Jul 2024 18:39:43 -0700, AJL
<noemail@none.com> wrote:

>On 7/13/2024 5:44 PM, micky wrote:
>
>> for 20 years I carried 60 dollars in travelers checks in the trunk,
>> but I stopped. I've thought about starting again.
>
>Travelers checks?? My emergency stash hidden under the floormat was
>cash cause everybody takes cash...

I thought about that. Would the police take traveler's checks?. I had
only bought $20's for my trip and I saved the last 3, so it was not 50
but 60, and I figured worst comes to worst I could get $50 if I was
willing to sign over 60 to someone who was there acting personally. I
only spent a couple weeks in Chicago after I got back from th etrip, but
of course it's not just traffic tickets that can cause one to really
need money.

>

On 7/13/2024 6:45 PM, Alan wrote:
> On 2024-07-13 18:39, AJL wrote:

>> But you said: "Most people use the same passcode on the lock screen as
>> for (banking) apps" and I saw nothing in that piece to verify that.
>> "Most" being over half the phone using population. I still doubt that
>> assertion but also can't prove otherwise...

> I didn't say that.
>
> Sorry.

Ah. My error. Apologies...

On 2024-07-13 18:54, AJL wrote:
> On 7/13/2024 6:45 PM, Alan wrote:
>> On 2024-07-13 18:39, AJL wrote:
>
>>> But you said: "Most people use the same passcode on the lock screen as
>>> for (banking) apps" and I saw nothing in that piece to verify that.
>>> "Most" being over half the phone using population. I still doubt that
>>> assertion but also can't prove otherwise...
>
>> I didn't say that.
>>
>> Sorry.
>
> Ah. My error. Apologies...
>

No worries.

:-)

On 7/13/2024 6:49 PM, micky wrote:
> In comp.mobile.android, on Sat, 13 Jul 2024 18:39:43 -0700, AJL
> <noemail@none.com> wrote:
>
>> On 7/13/2024 5:44 PM, micky wrote:
>>
>>> for 20 years I carried 60 dollars in travelers checks in the
>>> trunk, but I stopped. I've thought about starting again.
>>
>> Travelers checks?? My emergency stash hidden under the floormat
>> was cash cause everybody takes cash...
>
> I thought about that. Would the police take traveler's checks?.

Depends on where you are I imagine. I do know that in Phoenix a normal
speeding citation requires only a signature, no matter where you're from...

> of course it's not just traffic tickets that can cause one to really
> need money.

I always carry cash just in case the cards didn't work. More than once
it's saved me when a store's system was down and they only took cash...

In comp.mobile.android, on Sat, 13 Jul 2024 19:07:56 -0700, AJL
<noemail@none.com> wrote:

>On 7/13/2024 6:49 PM, micky wrote:
>> In comp.mobile.android, on Sat, 13 Jul 2024 18:39:43 -0700, AJL
>> <noemail@none.com> wrote:
>>
>>> On 7/13/2024 5:44 PM, micky wrote:
>>>
>>>> for 20 years I carried 60 dollars in travelers checks in the
>>>> trunk, but I stopped. I've thought about starting again.
>>>
>>> Travelers checks?? My emergency stash hidden under the floormat
>>> was cash cause everybody takes cash...
>>
>> I thought about that. Would the police take traveler's checks?.
>
>Depends on where you are I imagine. I do know that in Phoenix a normal
>speeding citation requires only a signature, no matter where you're from...
>
>> of course it's not just traffic tickets that can cause one to really
>> need money.
>
>I always carry cash just in case the cards didn't work. More than once
>it's saved me when a store's system was down and they only took cash...

I carry cash too, but this was 1970 and 50 then is worth 300 or 400 now,
and I didn't carry that much. (And I was only 23 then.) In fact I still
don't. I've used cars more since covid. Before then when I was down to
50, I'd get 200. Now I get cash far less often, will go below 50, but
probably get 300.

On 13/07/2024 19:45, Chris wrote:
> David Wade <dave@g4ugm.invalid> wrote:
>> On 13/07/2024 15:17, Jörg Lorenz wrote:
>>> On 13.07.24 15:42, Andy Burns wrote:
>>>> Jörg Lorenz wrote:
>>>>
>>>>> The article is extremely unspecific how the accounts/mobiles were taken
>>>>> over. Not very helpful.
>>>>
>>>> Snatch the unlocked phone from the user's hands. Bonus points if they
>>>> can trick the owner into unlocking it, and then snatching it
>>>
>>> Seriously?
>>>
>>
>> Well that lets you onto the phone but most banking apps require the user
>> re-authenticate after switching to a different app. I suppose you can
>> then reset access to the passwords.
>
> Most people use the same passcode on the lock screen as for (banking) apps
> so the thief videos you typing in your code and then steals the phone. Now
> they get access to your phone AND money.
>
Yuk. I suppose on Apple that works. Once I know my Wifes passcode I can
access her password store and all her apps. I have android so the phone
unlock is pattern but the banking apps are a different code...

Dave

AJL <noemail@none.com> wrote:
> On 7/13/2024 5:17 PM, Alan wrote:
>> On 2024-07-13 17:06, AJL wrote:
>>> On 7/13/2024 4:20 PM, Chris wrote:
>>>> AJL <noemail@none.com> wrote:
>>>>> On 7/13/2024 11:45 AM, Chris wrote:
>>>>>
>>>>>> Most people use the same passcode on the lock screen as for
>>>>>> (banking) apps
>>>
>>>>> I doubt that. Any links...
>>>
>>>> https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2
>>>
>>> The link is locked for me...
>>
>> Try this:
>>
>> <https://archive.is/OsN5j>
>
> That link worked. Interesting article. I also live in a large metro area
> (Phoenix AZ US) and the same stuff happens here.
>
> But you said: "Most people use the same passcode on the lock screen as
> for (banking) apps" and I saw nothing in that piece to verify that.
> "Most" being over half the phone using population. I still doubt that
> assertion but also can't prove otherwise...

It might be an exaggeration on my part although the FT article mentions a
survey where "almost half" did.

Clearly it is common enough that the thefts are worthwhile.

AJL <noemail@none.com> wrote:
> On 7/13/2024 4:20 PM, Chris wrote:
>
>> Bank apps ask you to set a PIN as an added level of security. People
>> are lazy and don't want to remember another PIN so use the same one
>> as the phone lock screen.
>
> Depends on the bank app. Mine don't offer pin capability but do require
> long passwords using all types of characters.

That's sounds like a PITA.

> And initially 2FA on a
> new device.
>
>

On 7/13/2024 5:09 PM, AJL wrote:
> On 7/13/2024 11:45 AM, Chris wrote:
>
>> Most people use the same passcode on the lock screen as for
>> (banking) apps
>
> I doubt that. Any links...
>

That's common knowledge. I don't have links but I've seen
articles detailing how common it is for people to use passwords
like "password" or "1234". Most people don't expect to have to
actually deal with security. And why should they? They've
been led to think that cellphone apps are nothing but convenience
and roses. It's similar with computers.

I came up with a system
for the woman I live with. She uses the name of her last cat,
along with specific parts of the company she's logging into. That
formula allows her to have different passwords for every site.
Before that she just used the first letters of her kids' names
whenever she needed a password. If they also demanded a number
then she'd add "1". :)

The majority of humanity are not geeky or OCD-ish. They just
don't do passwords, much less PIN codes. It's too much to
remember.

On 7/14/2024 2:24 AM, Chris wrote:
> AJL <noemail@none.com> wrote:
>> On 7/13/2024 4:20 PM, Chris wrote:
>>
>>> Bank apps ask you to set a PIN as an added level of security.
>>> People are lazy and don't want to remember another PIN so use the
>>> same one as the phone lock screen.
>>
>> Depends on the bank app. Mine don't offer pin capability but do
>> require long passwords using all types of characters.
>
> That's sounds like a PITA.

PITA? Not for me. Because I'm one of those paranoid folks who don't keep
any banking (or investment) apps on my phone for security reasons. I
really don't have to do any phone banking while out. And it's easy
enough to save for home.

As far a pin vs password I find passwords easier. That's because I use a
formula for each site. Something like $ + my first employee number +
first 3 letters of site/app name + my second employee number + next 2
letters of the site/app name + the number 13. This is just an example
and it can give me a 15+ character password that I can easily remember
and type in in a just few seconds.

I use the formula for ALL my password requiring sites, sensitive or not.
I let Google remember and insert the non-sensitive ones.

Also I can remember and use my formula for ALL my sites, even at my age.
I doubt I (or most folks) could remember that many DIFFERENT pins...

On Sat, 13 Jul 2024 15:33:12 +0200, Jörg Lorenz <hugybear@gmx.net>
wrote:

>On 13.07.24 12:58, Java Jive wrote:
>> https://www.theguardian.com/money/article/2024/jul/13/mobile-banking-fraudsters-accounts-scams-refund-victims
>>
>> "Mobile banking: alarm as fraudsters take over handsets and raid accounts
>
>The article is extremely unspecific how the accounts/mobiles were taken
>over. Not very helpful.

Probably not the greatest idea to publicise how to take over a phone.

AJL <noemail@none.com> wrote:
> On 7/14/2024 2:24 AM, Chris wrote:
>> AJL <noemail@none.com> wrote:
>>> On 7/13/2024 4:20 PM, Chris wrote:
>>>
>>>> Bank apps ask you to set a PIN as an added level of security.
>>>> People are lazy and don't want to remember another PIN so use the
>>>> same one as the phone lock screen.
>>>
>>> Depends on the bank app. Mine don't offer pin capability but do
>>> require long passwords using all types of characters.
>>
>> That's sounds like a PITA.
>
> PITA? Not for me. Because I'm one of those paranoid folks who don't keep
> any banking (or investment) apps on my phone for security reasons.

The topic is mobile banking...

> As far a pin vs password I find passwords easier. That's because I use a
> formula for each site. Something like $ + my first employee number +
> first 3 letters of site/app name + my second employee number + next 2
> letters of the site/app name + the number 13. This is just an example
> and it can give me a 15+ character password that I can easily remember
> and type in in a just few seconds.

Some sites don't accept passwords longer than 8 or 9 chars and/or no
special character. What do you do then?

> I use the formula for ALL my password requiring sites, sensitive or not.
> I let Google remember and insert the non-sensitive ones.
>
> Also I can remember and use my formula for ALL my sites, even at my age.
> I doubt I (or most folks) could remember that many DIFFERENT pins...

The problem with a formula is that there too sites that have special
requirements - i.e. some require a special character, others require no
special character - and so you have think of another formula.

I gave up years ago and have a password manager. Much easier. Only one
password to remember.

Scott <newsgroups@gefion.myzen.co.uk> wrote:
> On Sat, 13 Jul 2024 15:33:12 +0200, Jörg Lorenz <hugybear@gmx.net>
> wrote:
>
>> On 13.07.24 12:58, Java Jive wrote:
>>> https://www.theguardian.com/money/article/2024/jul/13/mobile-banking-fraudsters-accounts-scams-refund-victims
>>>
>>> "Mobile banking: alarm as fraudsters take over handsets and raid accounts
>>
>> The article is extremely unspecific how the accounts/mobiles were taken
>> over. Not very helpful.
>
> Probably not the greatest idea to publicise how to take over a phone.

People need to know what to do to avoid being attacked.

On 7/14/2024 12:54 PM, Chris wrote:
> AJL <noemail@none.com> wrote:
>> On 7/14/2024 2:24 AM, Chris wrote:
>>> AJL <noemail@none.com> wrote:

>>>> Mine [bank apps] don't offer pin capability but do require long
>>>> passwords using all types of characters.

>>> That's sounds like a PITA.

>> PITA? Not for me. Because I'm one of those paranoid folks who don't
>> keep any banking (or investment) apps on my phone for security
>> reasons.

> The topic is mobile banking...

And my sentence above DOES refer to mobile banking. The lack of it for
security reasons. If you're going to play on topic cop you should be
going after my speeding citation comments and other more ghastly off
topic violations I'm guilty of in this holy Android group. Personally I
dislike a dead group. YMMV...

>> As far a pin vs password I find passwords easier. That's because I
>> use a formula for each site. Something like $ + my first employee
>> number + first 3 letters of site/app name + my second employee
>> number + next 2 letters of the site/app name + the number 13. This
>> is just an example and it can give me a 15+ character password that
>> I can easily remember and type in in a just few seconds.

> Some sites don't accept passwords longer than 8 or 9 chars and/or no
> special character. What do you do then?

As I said, the above formula is just an example. It can be adjusted to
work with any site.

> I gave up years ago and have a password manager.
> Much easier. Only one password to remember.

Sounds scary. Google "password manager dangers". Some results:

"The same thing that makes password managers so convenient for you—all
your passwords are easily accessible in one spot—also represents the
greatest risk. If your personal device is infected with malware, then
cybercriminals can steal your master password and take control of your
vault."

"While LifeLock has had several other issues over the years, in December
2022, LifeLock revealed that it had experienced a data breach resulting
in more than 6,000 of its customers losing access to their password
managers. Hackers had used a technique known as “credential stuffing” to
take control of these customers"

"Password manager programs are a target for hackers. It's not easy to
login using multiple devices. If the main password is used/typed/saved
on a computer with malware, your main password can compromise all your
other passwords controlled by the PM"

BTW the topic is mobile banking. Give yourself 3 demerits... ;)

AJL <noemail@none.com> wrote:
> On 7/14/2024 12:54 PM, Chris wrote:
>> AJL <noemail@none.com> wrote:
>>> On 7/14/2024 2:24 AM, Chris wrote:
>>>> AJL <noemail@none.com> wrote:
>
>>>>> Mine [bank apps] don't offer pin capability but do require long
>>>>> passwords using all types of characters.
>
>>>> That's sounds like a PITA.
>
>>> PITA? Not for me. Because I'm one of those paranoid folks who don't
>>> keep any banking (or investment) apps on my phone for security
>>> reasons.
>
>> The topic is mobile banking...
>
> And my sentence above DOES refer to mobile banking. The lack of it for
> security reasons. If you're going to play on topic cop

Who's playing cop? I was simply reminding you of the context hence why I
thought your response was a PITA in the context of mobile phones.

>>> As far a pin vs password I find passwords easier. That's because I
>>> use a formula for each site. Something like $ + my first employee
>>> number + first 3 letters of site/app name + my second employee
>>> number + next 2 letters of the site/app name + the number 13. This
>>> is just an example and it can give me a 15+ character password that
>>> I can easily remember and type in in a just few seconds.
>
>> Some sites don't accept passwords longer than 8 or 9 chars and/or no
>> special character. What do you do then?
>
> As I said, the above formula is just an example. It can be adjusted to
> work with any site.

Not IME. Many sites have mutually exclusive rules.

>> I gave up years ago and have a password manager.
>> Much easier. Only one password to remember.
>
> Sounds scary. Google "password manager dangers". Some results:
>
> "The same thing that makes password managers so convenient for you—all
> your passwords are easily accessible in one spot—also represents the
> greatest risk. If your personal device is infected with malware, then
> cybercriminals can steal your master password and take control of your
> vault."

Obviously google is going to return you worst case scenarios.

The reality is that weak passwords are a far higher risk for most people
which a password manager resolves.

I now can have 50 character passwords for places which accept them and 8
character ones for others.

> "While LifeLock has had several other issues over the years, in December
> 2022, LifeLock revealed that it had experienced a data breach resulting
> in more than 6,000 of its customers losing access to their password
> managers. Hackers had used a technique known as “credential stuffing” to
> take control of these customers"

Use a decentralised manager where you are the only person in possession of
your vault, where it's stored and the master password.

> "Password manager programs are a target for hackers. It's not easy to
> login using multiple devices. If the main password is used/typed/saved
> on a computer with malware, your main password can compromise all your
> other passwords controlled by the PM"

There'sa big if there. That's why things like FaceID and TouchID help. You
don't type the master password.

Jörg Lorenz wrote:

> Andy Burns wrote:
>
>> Snatch the unlocked phone from the user's hands. Bonus points if they
>> can trick the owner into unlocking it, and then snatching it
>
> Seriously?
That's a warning doing the rounds over here, approach someone, convince
them they're cute, ask them to add you to their contacts, when they get
their phone out and unlock it, steal it.

Newspapers with stories of individuals stealing a dozens of phones per
hour, in city centres or at festivals.

On 14/07/2024 00:20, Chris wrote:

> Not the same thing. Bank apps ask you to set a PIN as an added level of
> security. People are lazy and don't want to remember another PIN so use the
> same one as the phone lock screen.

I have no idea why the banks have recently made the security of their apps weaker. I have two banking apps on my phone, each of them used to have a longish alphanumeric password that I had chosen (two different passwords of course). But recent compulsory "upgrades" to each App have made me chose a 5-digit or 6-digit PIN. I have chosen different PINs and neither is the same as the one I use to unlock the phone, but all the same it's obviously less secure than before. Can anyone think why on earth they have done that? It seems crazy to me.

--
Clive Page

AJL wrote:

> Chris wrote:
>
>> https://www.ft.com/content/26be349d-4717-4815-a221-a749e29de2b2
>
> The link is locked for me...
Go to google, search for 26be349d-4717-4815-a221-a749e29de2b2
follow the result link it gives you, that'll work based on cookies
and/or referrer

Am 15.07.24 um 09:45 schrieb Andy Burns:
> Jörg Lorenz wrote:
>
>> Andy Burns wrote:
>>
>>> Snatch the unlocked phone from the user's hands. Bonus points if they
>>> can trick the owner into unlocking it, and then snatching it
>>
>> Seriously?
> That's a warning doing the rounds over here, approach someone, convince
> them they're cute, ask them to add you to their contacts, when they get
> their phone out and unlock it, steal it.
>
> Newspapers with stories of individuals stealing a dozens of phones per
> hour, in city centres or at festivals.

Has absolutely nothing to do with smartphones and nothing with the story.

--
"Gutta cavat lapidem." (Ovid)

On Mon, 15 Jul 2024 14:48:38 +0100
Clive Page <usenet@page2.eu> wrote:

> On 14/07/2024 00:20, Chris wrote:
>
> > Not the same thing. Bank apps ask you to set a PIN as an added
> > level of security. People are lazy and don't want to remember
> > another PIN so use the same one as the phone lock screen.
>
> I have no idea why the banks have recently made the security of their
> apps weaker. I have two banking apps on my phone, each of them used
> to have a longish alphanumeric password that I had chosen (two
> different passwords of course). But recent compulsory "upgrades" to
> each App have made me chose a 5-digit or 6-digit PIN. I have chosen
> different PINs and neither is the same as the one I use to unlock the
> phone, but all the same it's obviously less secure than before. Can
> anyone think why on earth they have done that? It seems crazy to me.
>
>

What is the banks' explanation?

--
Davey.

On 15/07/2024 17:05, Davey wrote:
> On Mon, 15 Jul 2024 14:48:38 +0100
> Clive Page <usenet@page2.eu> wrote:
>
>> On 14/07/2024 00:20, Chris wrote:
>>
>>> Not the same thing. Bank apps ask you to set a PIN as an added
>>> level of security. People are lazy and don't want to remember
>>> another PIN so use the same one as the phone lock screen.
>>
>> I have no idea why the banks have recently made the security of their
>> apps weaker. I have two banking apps on my phone, each of them used
>> to have a longish alphanumeric password that I had chosen (two
>> different passwords of course). But recent compulsory "upgrades" to
>> each App have made me chose a 5-digit or 6-digit PIN. I have chosen
>> different PINs and neither is the same as the one I use to unlock the
>> phone, but all the same it's obviously less secure than before. Can
>> anyone think why on earth they have done that? It seems crazy to me.
>>
>>
>
> What is the banks' explanation?

Very amusing. Have you tried to get a bank to answer a question like that recently?

--
Clive Page

On 15/07/2024 17:05, Davey wrote:
> On Mon, 15 Jul 2024 14:48:38 +0100
> Clive Page <usenet@page2.eu> wrote:
>
>> On 14/07/2024 00:20, Chris wrote:
>>
>>> Not the same thing. Bank apps ask you to set a PIN as an added
>>> level of security. People are lazy and don't want to remember
>>> another PIN so use the same one as the phone lock screen.
>>
>> I have no idea why the banks have recently made the security of their
>> apps weaker. I have two banking apps on my phone, each of them used
>> to have a longish alphanumeric password that I had chosen (two
>> different passwords of course). But recent compulsory "upgrades" to
>> each App have made me chose a 5-digit or 6-digit PIN. I have chosen
>> different PINs and neither is the same as the one I use to unlock the
>> phone, but all the same it's obviously less secure than before. Can
>> anyone think why on earth they have done that? It seems crazy to me.
>>
>
> What is the banks' explanation?

First Direct did something similar, their claim was 'use ... on more than
one device'. That may just have meant they were switching software to match
HSBC, which already had 6 digit PINs and multiple devices; or maybe some
devices only allow numeric input.

Tweed wrote:

> It’s usually a sim swap fraud. Somehow convince the mobile operator to port
> the number to another mobile operator where the new sim is in the
> possession of the fraudster.

Whenever I've requested porting my number to a different operator, I've
received texts giving 24 or more hours notice to port.

Which operators *don't* operate such a safeguard?