All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

Thank you for buying via links and ads on this site,
which earn me advertising fees or commissions.
As an Amazon Associate I earn from qualifying purchases.

Other World Computing...
B&H Photo...
Amazon
As an Amazon Associate I earn from qualifying purchases.
Upgrade the memory of your 2018 Mac mini up to 64GB
877-865-7002
Today’s Deal Zone Items... Handpicked deals...
$1199 $779
SAVE $420

$250 $200
SAVE $50

$1699 $1299
SAVE $400

$1499 $1149
SAVE $350

$200 $140
SAVE $60

$89 $69
SAVE $20

$120 $35
SAVE $85

$178 $148
SAVE $30

$3498 $2998
SAVE $500

$3699 $1299
SAVE $2400

$1000 $700
SAVE $300

$3899 $1499
SAVE $2400

$748 $648
SAVE $100

$2999 $1999
SAVE $1000

$1699 $999
SAVE $700

$1698 $1398
SAVE $300

$4499 $4499
SAVE $click

$1399 $1049
SAVE $350

$1149 $799
SAVE $350

$1399 $1049
SAVE $350

$1498 $1198
SAVE $300

$2797 $2597
SAVE $200

$280 $250
SAVE $30

$699 $699
SAVE $click

$1699 $1299
SAVE $400

$8399 $8399
SAVE $click

$899 $799
SAVE $100

$1699 $1299
SAVE $400

OWC Envoy Express

World’s first Thunderbolt 3 M.2 NVME SSD enclosure.

Super fast, bus-powered, 3.3 oz, DIY easy, rugged and compact!


See also OWC Express 4M2
√ No more slow and noisy hard drives!

A Pseudo-Security Trend: Password Reset and Locked Accounts

Last Friday, I was locked out of one of my email accounts by the provider because of “too many failed login attempts”.

None of which I made—it was someone trying to hack my account. I was told that this is a new “security feature”. But I have a good password, and I don’t want to be locked out of my account at any time.

In my case, I had to wait all weekend for a password reset, since this particular organization was closed on weekends. This pretty much makes this email provider useless for anything but trivial stuff; the account could be locked at any time.

What such security features really do is to play into the hands of hackers, allowing trivially easy denial of service attacks. Denial of service attacks are typically in the context of web sites (overwhelming a site), but can be applied to email or any kind of login account on a web site. For example:

  1. Dig up 100 million email addresses (many ways to do this).
  2. Fake login attempts N+1 times, where N is the cutoff for locking the account. Starting Friday night of course, so customer support staff are thinned out.
  3. Sit back and laugh as 100 million users find themselves locked out of their email, if only for a day or two.
  4. Repeat each day (hey, bot nets are cheap).

Variations include targeting specific providers. Web sites that lock accounts this way are in essence implementing denial of service support for hackers.

There are many other ways to approach this, other than this crude bludgeon. For starters, allowing the user to decline this behavior (perhaps requiring an especially strong password), an option to notify a user about activity, additional prompts if a login occurs after failures, two factor authentication including apps like Authy, etc.

Corollary — nuisance messsages from “password reset” dialogs

Apple provides an iForgot.apple.com site to reset a password. It’s an ongoing headache for me, since Apple kicks me over there if I type my password wrong just twice (which I do sometimes do if my hands are stiff and cold). Very annoying behavior. But 1Password eliminates that issue for me now. Except not in iTunes or the AppStore, where 1Password doesn’t apply. So it still gets me on a regular basis.

That is relatively minor. The bigger headache is the regular recept of this message below, which is some hacker-generated thing (not me). And sometimes this is followed or preceded by an Apple “account locked” email, similar to that discussed above. Ditto for my Apple Developer account, which generally locks me out every month or so.

Nuisance email

2-factor authentication

Apple has a 2-step authentication approach for purchases, but it’s unclear if it has been applied the idea to the above nuisance factors. Now enabled, MPG will soon see.

Apple 2-step verification security enabled
OWC Envoy Pro EX SSD
Blazingly fast Thunderbolt 3 SSD!

Up to 4TB capacity, USB-C compatible.

USB-C model also available


Great for travel or for desktop!
OWC Thunderblade Thunderbolt 3 SSD

Blazing fast, up to 16TB.

YEE HAH!



√ No more slow and noisy hard drives!
OWC Accelsior 4M2 PCIe SSD
6000 MB/sec!
Mac or PC.


Ideal for Lightroom, Photoshop, video.
Capacity up to 16TB!

Save the tax, we pay you back, instantly!
View all handpicked deals...

LG UM7370PUA 70" Class HDR 4K UHD Smart LED TV
$1199 $779
SAVE $420

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__