
Comment Re:Urg. (Score 1) 44

Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

Yep. Even easier if the information ("correct" answers) is available via Google.

But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that and would that have also yielded your "security" answers?

Their thinking seems to be:

1. So, one username / password isn't enough.

2. A second password should be enough, but it will use the same username as in #1.

3. And that second password should be SUGGESTED to be based upon something that can be researched / socially engineered / tricked out of the person.

4. And entered using the same channel as #1.

Okay, if you cannot get two factor authentication then at least use a different email address for each bank AND ONLY FOR THAT BANK. Email addresses are free. And always use completely unique passwords. Not bankname1 and bankname2.

The same for the "security" questions. Always completely unique.

If you have to write them down, do so. Just keep the paper in a secure location. It's far less likely that someone will break into your house to look for passwords than it is that someone will crack your computer.

Comment Urg. (Score 4, Informative) 44

Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

NO!!! It does NOT!!!

1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect, just another password) then it is useless.

2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.

3. Find a bank / credit union that uses real two factor authentication.

Comment Mod parent up. (Score 2, Interesting) 608

Read carefully and you'll notice the government said he'd even have to accept the consequences of speaking out and engaging in constructive protest: they decree you can dissent against their rule, and that's well and good, as long as they can punish you for your dissent--which is precisely the situation in North Korea, where you may speak out against Kim Jong-Un, and, importantly, accept the consequences of speaking out against him.

Exactly.

If the end result of civil disobedience is the exact same in the USofA as in North Korea ... then what is the difference?

The politicians demanding martyrdom would be just as comfortable working for North Korea's government as they are working for the USofA's government.

And THAT is a very big problem.

Comment Re:Everybody List What You Think Went Wrong (Score 1) 552

Gamergate was ignored because gamergate is not news.

My problem with it is that even if the initial event happened EXACTLY AS CLAIMED then it is still nothing.

The "story" became the reactions to that nothing event.

And then the reactions to those reactions to that nothing event.

And now we have a post mod'ed +5 Insightful for claiming that Gamergate wasn't covered.

Comment Re:Yeah, be a man! (Score 5, Insightful) 608

I disagree heavily. Even the US isn't so dumb as to target a killing in Russia. They can get away with it in Pakistan who isn't going to fight back, but with Putin? There isn't a chance in hell. Putin has every reason to keep Snowden alive and happy in Russia if nothing else because it is a political black eye against the US. If he comes back to the US, he'll probably "commit suicide" in prison awaiting trial.

Comment Re:Translation (Score 3, Insightful) 608

And also, from TFA:

If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and -- importantly -- accept the consequences of his actions.

He IS dealing with the consequences. That's why he left.

What Lisa Monaco is pushing for is martyrdom.

We are supposed to be a country of laws. We should not have officials demanding martyrdom of those who oppose their policies.

Comment Mod parent up. (Score 3, Insightful) 119

What depresses me about software is how often we JUST DO NOT LEARN!

And not just software. Look at security as well. And so many other computer-related areas.

Software development seems to be riddled with arrogant know-nothings who think they can cut corners or reinvent the wheel because doing it the right way isn't "7337".

For me it's more like ... someone "learned" one way of handling it when s/he was working ALONE.

Then that person never learned that the practices need to be changed when you are part of a TEAM.

And releasing your code to the public is being part of a team.

Comment Re:NVidea's problem, not Microsoft's (Score 1) 317

My proposed solution is simply that they don't force updates on those who don't want them, and instead allow users to defer or completely ignore unwanted updates and only install software they want on their own computer. This solution looks remarkably like how previous versions of Windows have worked prior to the new policy.

I'm seeing conflicting messages about what you can and can't defer/block now. For example, some posters in this thread have said you could already block driver updates before, but other sources (including the article you linked to) imply that this was not previously the case and has now been changed in response to the Nvidia driver problems that triggered this discussion. In any case, this is all academic if they do the sensible thing and don't force any update on any unwilling recipient.

Comment Re:NVidea's problem, not Microsoft's (Score 1) 317

Certainly some of these companies do have decent customer support -- I don't mean to imply that such issues never get resolved.

The trouble is, unless they all have good support, there is a risk involved in having automatic updates that wasn't there before.

What I honestly don't understand after all the discussions here and elsewhere in recent days is why so many people seem to be defending Microsoft's position. If they're worried about security issues not being patched, they could just as well leave updates on by default but optional, so those who know what they're doing can take steps to apply the important patches with proper testing and without risking unwanted side effects, while those who just plug in and go will probably get exactly the same result as they would with compulsory updates anyway.

As far as I can see, there is literally no reason not to do this -- which is basically status quo for most systems today -- unless someone at Microsoft has intentions that mean they would want to push an update that a clued up user/sysadmin would not want to install, which is the only time it makes a significant difference whether or not the updates are mandatory.
