November 23[edit]

I have a need to publish a small article in Physical Review Letters. On Nov 9th I signed in (as usual I do not understand where I signed in to) but I presume that I ended up in a preliminary space where I need to be to find a link to upload my manuscript. I invented a user ID but the PW was automatically generated. Today I decided to find a place for uploading. No way, My simple password was unexpectedly rejected. How come? Not the first time. Fighting the PW system takes a lot of my time. One surprise might be an announcement that I need to look into my email to see a code for verification. It never arrives. Why not sending a code to my cellphone? This is the most reliable way, but it's used not universally. What is the problem? How to design a simple and reliable way for verification?. AboutFace 22 (talk) 00:24, 23 November 2022 (UTC)[reply]

The problem is that malicious users and code exists too, and the services you're using are necessarily exposed to the Whole World Wide Internet, for better or worse.

We're undergoing a MFA renaissance now, as well, so your phone will be blowing up with TOTP codes; hopefully most of them are real. Your password resets will use your phone too, as soon as you reveal it to every single online service you use. Lost your phone or access to your SIM? Oops, your life is over. Plan for that like you plan for a lost purse/wallet. Elizium23 (talk) 00:30, 23 November 2022 (UTC)[reply]

Well, remember any system that is easy for you to use is easy for malicious actors to exploit as well. Security is by necessity going to obstruct easy access, and the more stringent the security, the more onerous it is always going to be for the legitimate user and the hacker alike. --Jayron32 19:09, 29 November 2022 (UTC)[reply]