Death of the cloud?

[GoSeigen]

tl;dr: Is excessive interconnectedness and lax or excessive (yes both simultaneously) going to be the death of cloud services?


How far off do people think we are from the death of the cloud, or to be clearer about what I mean, that moment people decide they would rather have their devices offline more than they want them online because of the extra hassle of having to deal with "cloud stuff"?

I ask because I am more frequently getting atrocious situations where I waste hours at a time trying to resolve a stupid cloud-related issue that is not of my own making. Today is a case in point. My wife's iPhone stopped receiving incoming tests and calls. No warning, no errors, account is paid up, network is connected outgoing calls work, but no incoming calls or texts.

We discovered this problem trying to log in to an investment account (it's ii). You have to use 2FA.
No incoming texts. Okay how about recovery code?
Nope, ii screwed up the recovery code when they moved from old-style numbered usernames to email addresses.
ii recovery code no longer works and of course there is no obvious way to obtain a new recovery code.

So we have to try to establish why texts are not arriving. Most obviously a glitch with IOS.
Sure enough, iMessage settings say "waiting for activation". So you go through the whole process. Turn off and on iMessage. Power down the phone. Reset the phone. Reset the network settings. Nothing helps.
So the message app is not going to activate (whatever that means).

The next recommended action is to log out of your apple account and log back in.
Bad mistake. To log back in you have to use 2FA to verify your account. But of course you texts aren't arriving and you are not getting incoming calls.
There is NO other way to sign in to your apple account, short of Account Recovery which takes "several days".
I go through account recovery anyway to get the process started in case that is all I can do.
Apple account recovery requires the card details I use to make payments on my apple account. They want the CVV. It happens to be a virtual card so I have to log in to my bank for the latest CVV.
Luckily my bank uses a different phone for 2FA otherwise god knows where I'd be!
Account recovery initiation is complete, I must wait a few days.

Well now, let's just make sure there isn't another cause for the messages not arriving, if they can be fixed everything is rosy again.
So we call the SIM provider. I'm not in the UK but my SIM has worked flawlessly the entire time I've been abroad until Tuesday when the last incoming text arrived.
They say try manual connection to another network. No other network accepts my SIM, only the one I use all the time.
They say maybe the network is refusing to connect your phone because you've been roaming too long. I ask "what if I can make outgoing calls?" They say then it will probably be a different issue.
Guess what? I can make outgoing calls. But still no incoming texts or calls.


The whole thing is ludicrous and the interconnectedness of everything is alarming. There is no-one in the world who can persuade me that this is better that the situation that existed before everything started going cloud and 2FA. I can only see it getting worse. It could very easily get worse by everyone being forced to pay for these services. (Or pay more.)

I think I'm lucky that I've escaped the bulk of these problems so far because I've carefully avoided having everything interconnected, but that is getting more and more difficult. The 2FA thing is a big cause -- everything runs through one phone/SIM now, it's a classic single point of failure. Do we have to have multiple phones now and organise their use for different purposes?

I'm a committed user of WhatsApp too because it is essential for communicating with my contacts. WhatsApp also has the bizarre and ridiculous system of being tied to a single phone number without a username system. It causes unbelievable hassle when a phone is lost or SIM passes to new ownership if you haven't planned ahead.

And recently multiple of my contacts have somehow had their WhatsApp account compromised with their friends being sent scam-style messages.

Another thing that alarms me is that banks implement these amazing whizzy 2FA/passcode generating devices/phone apps that produce security codes to make their desktop websites Fort-Knox-level secure, yet their phone apps have the flimsiest of security. Some of my financial apps (issued by Halifax) require just three letters from my password to access them! Others only require a slightly longer password. I suppose there is a way to force entry of more security information at login but how many people would do that? They obviously prefer ease of use.


This is something of a rant but back in the early 2010s I predicted that cloud services would mature and then become stale and people would return to' stand-alone systems again. I'm wondering if that day is rapidly approaching now...

GS

[U962]

When you signed up to the halifax app which I guess will be the same as the Lloyds one I'm more familiar with being all from the same stable you would have had to put in your full username, password, and three thingy's from the memorable word and also respond to the Halifax 2FA thingy either to your home phone or your mobile - this being at your choosing.

All of this means that the app on your phone has been "watermarked" for want of a better word to be locked to that phone....so thereafter only the three digits of your memorable name are required as when you start the app it say "authorising" meaning its checking the 'watermarking' is valid.

Your problem sound like some sort of hiccup between your normal UK mobile phone providing service company and whomever is providing the roaming service when you are where you are. So the message app cannot connect to any 'message centre' at the roaming telco's as its not authorised to do so.

[GrahamPlatt]

https://support.apple.com/en-gb/102660

So what you’re saying, GS, is that your wife has only the one “trusted device”, or ‘phone number. No fallback option.
Add another one for future glitches.

HTH.

[88V8]

tl;dr: Is excessive interconnectedness and lax or excessive (yes both simultaneously) going to be the death of cloud services?

I do agree that we rely to an alarming extent on our phones post-2FA, even me who does not have a smartphone, and only eats apples.

Some cos are more accommodating - Paypal will text or call me, or ring my landline.

But I never planned to be so reliant on what is, as you say, a single failure point. Last time I lost my phone, it was pre-2FA and that was quite enough bother.

V8

[XFool]

...And some people say card readers are "inconvenient".

[Lootman]

tl;dr: Is excessive interconnectedness and lax or excessive (yes both simultaneously) going to be the death of cloud services?

I do agree that we rely to an alarming extent on our phones post-2FA, even me who does not have a smartphone, and only eats apples.

Some cos are more accommodating - Paypal will text or call me, or ring my landline.

But I never planned to be so reliant on what is, as you say, a single failure point. Last time I lost my phone, it was pre-2FA and that was quite enough bother.

I have a smart phone but hate the idea that I might ever be in a situation where I had no alternative. Twice my phone has frozen at a railway station, once when my ticket was only on my phone, and once when I had to meet someone off a train at Euston.

There was one time I had to take my second choice of a parking space because the first required that I use a phone.

2FA has been less of a problem but I can easily see how it could be.

And someone in a shop or business telling me that "you could do that on the app" gets a very frosty response from me. (Natwest may be the worst offender although the regular staff at my local branch know not to say that to me any more. I feel sure that they have a nickname for me, probably with the words "curmudgeon" and "luddite" in it somewhere).

[Maroochydore]

I feel sure that they have a nickname for me, probably with the words "curmudgeon" and "luddite" in it somewhere).

Wear them with pride

[Niksen]

We discovered this problem trying to log in to an investment account (it's ii). You have to use 2FA.
No incoming texts.

That’s not “the cloud”, it is just a bad implementation of 2FA with only texts as the second level of authentication.

In fact it is non-cloud as it is possible to be, as sending a text using a telephone network is pretty old fashioned (and insecure) one to one communication.

A far better implementation of 2FA is an authenticator app, which your wife’s iPhone natively supports without needing to install a separate app, is backed up to iCloud in case of losing or breaking the phone, and would be available on any linked devices such as an iPad or Mac.

That with recovery codes and a separate device for those who cannot or don’t wish to use an authenticator app is a far better implementation.

[Nocton]

GoSeigen said: "We discovered this problem trying to log in to an investment account (it's ii). You have to use 2FA. "

No, you don't. My wife and I have ii accounts, but always access them via our PCs. After they introduced 2FA with a text to our smart-phone, one time our mobile access was down and I could not get into my ii account for hours. So I checked with ii and they agreed to turn it off/remove my mobile phone no.

It seems to me that 2FA with the log-in code going to the same device as you are using to access your account is not really any more secure than not using 2FA or, as the OP has found, it can cause a lot of hassle.

For us, with ii we asked for the log-in code for 2FA to go to our land-line, which is more secure and reliable, but they would not. Full marks therefore to organisations like HMRC or Yorkshire Building Society which give you the choice.

[Niksen]

It seems to me that 2FA with the log-in code going to the same device as you are using to access your account is not really any more secure than not using 2FA

You are correct, it isn't,

A far more sensible implementation of log-in security on a phone is via biometric authentication, and if they really must, then just leaving the insecure text 2FA authentication to authenticating transactions (although again biometric authentication through the device is better).

But for goodness sake, for anyone that does use a finance company that sends text security codes then you must turn off message preview on a locked screen on your phone.

[Infrasonic]

My redundancy extends to having two 5G smartphones phones on different networks plus an old working spare (Pixel 3a with a recent new battery courtesy of iSmash and a steep discount code) - in case of issues with either of the two main phones.
All three phones can do biometric access - 2 fingerprint only - one fingerprint plus facial recognition (Pixel 8 Pro).
All my banking apps are set up biometric. If that fails for some reason it will default to the second layer password/a n other option.
All Phones run free Tailscale overlay.

Desktop PC and a laptop (Chromebook currently but looking at getting a W11 laptop as well). Banking browser access across the board, Tailscale on native OS' and containers (Android + Linux).

Two 2FA authenticator apps - MS and Google on all phones. Looking at Bitwarden as a main replacement there as it's multi device use is better and it also works with FIDO2 hardware keys like Yubikey - even on the free edition. Paid individual account is only £10 a year.

Proton Drive + Sync.com E2EE cloud drives. (There are E2EE upload only 'vault' options with Google Drive and free OneDrive but they are very restricted, they only open up to be actually useful if you pay...). Any file/folder shares to third parties are via anonymised Proton/Sync cloud only with time limited and/or password protected URL's.

Many accounts have two email addresses listed so that in the case of an email address compromise locking out that method of 2FA the secondary email account on a different ecosystem will still be active.

All MS/Google accounts plus email/social media etc are authenticator app 2FA enabled. If you look through the security section of say your MS account online you might see multiple attempts at log in that have failed - with 2FA even if they brute force a password they still can't get in.

Again the majors here will offer you multiple ways of accessing accounts if any one 2FA route fails.
You could have Authenticator apps and hardware keys set up if you want in addition to secondary email or SMS (less secure).

[XFool]

My redundancy extends to having two 5G smartphones phones on different networks plus an old working spare (Pixel 3a with a recent new battery courtesy of iSmash and a steep discount code) - in case of issues with either of the two main phones.
All three phones can do biometric access - 2 fingerprint only - one fingerprint plus facial recognition (Pixel 8 Pro).
All my banking apps are set up biometric. If that fails for some reason it will default to the second layer password/a n other option.
All Phones run free Tailscale overlay.

Desktop PC and a laptop (Chromebook currently but looking at getting a W11 laptop as well). Banking browser access across the board, Tailscale on native OS' and containers (Android + Linux).

Two 2FA authenticator apps - MS and Google on all phones. Looking at Bitwarden as a main replacement there as it's multi device use is better and it also works with FIDO2 hardware keys like Yubikey - even on the free edition. Paid individual account is only £10 a year.

Proton Drive + Sync.com E2EE cloud drives. (There are E2EE upload only 'vault' options with Google Drive and free OneDrive but they are very restricted, they only open up to be actually useful if you pay...). Any file/folder shares to third parties are via anonymised Proton/Sync cloud only with time limited and/or password protected URL's.

I'm still using my trusty Nokia 1100.

Works for me...

Though I did spy a couple of tempting new Feature Phones for sale recently, in the window of a local shop...

Easy does it.

[Urbandreamer]

I ask because I am more frequently getting atrocious situations where I waste hours at a time trying to resolve a stupid cloud-related issue that is not of my own making. Today is a case in point. My wife's iPhone stopped receiving incoming tests and calls. No warning, no errors, account is paid up, network is connected outgoing calls work, but no incoming calls or texts.

GS

Assuming that your wife's Iphone has a physical SIM, a simple cheap temporary solution is to take the SIM out of her phone and put it into a dumb phone (like Xfool suggests).

As said, it's not a cloud issue at all, but a phone issue.
Of course, this is also possible for someone who stole your wife's phone in most cases.
You can and SHOULD set a PIN required to access the SIM, but most people don't do so.

Re other methods of 2FA, I also really admire the security. Sadly of the financial institutions that I deal with only A J Bell use google authenticator and Nationwide a card reader.

Some of us regard security as a hassle that we should not be required to put up with. Others regard the hassle as a simple requirement for security. I fall into the latter group and am irritated that so many financial organizations require the less secure SMS 2FA.

Ps if using better forms of security, don't forget a backup method to recover if/when your hardware fails.

[Niksen]

All Phones run free Tailscale overlay.

Tailscale is a very nifty thing. Easy to set up and free for personal use.

I recently found I could install it on a Firestick and then use it with an exit node at home to avoid geo-blocks on streaming TV whilst away. Obviously you could do that with a paid VPN, but for free it was even better.

Also handy to use for other geo-blocked apps, such as the library book and magazine reader Libby that doesn't want to work when you are outside the UK.

[Infrasonic]

Tailscale's main ease of use feature is that you don't need to set up DDNS if you want to have an internet accessible NAS/other device at home/office and you don't have to start fiddling with port forwarding on routers.

It also has loads of techie features that will require quite extensive networking knowledge if you want to implement them, but the basic working setup is install app on all client devices, sign in and go.

Up to 3 users + 100 devices for free...https://tailscale.com/pricing

[Mike4]

I ask because I am more frequently getting atrocious situations where I waste hours at a time trying to resolve a stupid cloud-related issue that is not of my own making. Today is a case in point. My wife's iPhone stopped receiving incoming tests and calls. No warning, no errors, account is paid up, network is connected outgoing calls work, but no incoming calls or texts.

GS

Assuming that your wife's Iphone has a physical SIM, a simple cheap temporary solution is to take the SIM out of her phone and put it into a dumb phone (like Xfool suggests).

I find myself wondering if someone unauthorised has swapped the sim in GS's wife's phone. This would be a simple explanation for outgoing calls still being possible, but the incoming calls and texts not arriving.

[88V8]

My redundancy extends to having two 5G smartphones phones on different networks plus an old working spare (Pixel 3a with a recent new battery courtesy of iSmash and a steep discount code) - in case of issues with either of the two main phones. ....

It's good that we have some uber-geeks on this forum, just as it's good that some of us have fairly deep knowledge of how our cars work, but it shouldn't be necessary for day-to-day life

V8

[Infrasonic]

My redundancy extends to having two 5G smartphones phones on different networks plus an old working spare (Pixel 3a with a recent new battery courtesy of iSmash and a steep discount code) - in case of issues with either of the two main phones. ....

It's good that we have some uber-geeks on this forum, just as it's good that some of us have fairly deep knowledge of how our cars work, but it shouldn't be necessary for day-to-day life

V8

Even the Amish have mobile phones these days...

[Urbandreamer]

My redundancy extends to having two 5G smartphones phones on different networks plus an old working spare (Pixel 3a with a recent new battery courtesy of iSmash and a steep discount code) - in case of issues with either of the two main phones. ....

It's good that we have some uber-geeks on this forum, just as it's good that some of us have fairly deep knowledge of how our cars work, but it shouldn't be necessary for day-to-day life

V8

The trouble is, as the OP is complaining about, that this IS day to day life.
If you don't consider redundancy and backup methods it WILL bite you in the A*^&.

On the CC thread someone remarked about credit cards being lost in ATM's when abroad. Another of needing to phone the bank from the other side of the world. In both cases they had alternatives, because they had considered the issue.

My daughter had terrible issues when she lost her phone. Given the prevalence of SIM 2FA, it can be difficult to request a new SIM having lost your phone. It is after all a known exploit to drain peoples bank accounts. Her only access to email was.... on the lost phone.

My son had problems receiving txt's about job interviews, because his phone was 3g and the network turned the signal off.

Live in the dark ages using cash only? Many places won't accept it.

I repeat, this IS day to day life for the majority of people in the UK.

[ukmtk]

Using a mobile as part of a 2FA is not considered secure due to SIM cloning.
I doubt it would be at all acceptable in a secure environment.
I use the Nationwide card reader (considered more secure) for online banking.
I also have a dedicated hardware code generator for work - where we use Microsoft 2FA.
I do use my mobile for 2FA for accessing Amazon/Google gmail.
Typically I then tick the "computer is secure" option - I normally only do this on a laptop that is only at home.
For credit cards I use mobile phone apps for accepting large purchases or logging on.
I do have a 6 digit PIN for accessing my phone.