Last Active
  • Apple Pay accepted at 1 out of 2 U.S. stores, says Apple VP Jennifer Bailey

    There really isn't such a thing as an Apple Pay terminal. The signs are really just alerting you to the fact Apple Pay works there. All that is required is a payment terminal that accepts contactless payments. General advice, never tell a cashier Apple Pay. Just say Mastercard or whatever, then wait for the contactless symbol to come up. Some terminals just tell you to tap without the official symbol. Then tap your iPhone or Apple Watch.

    I use Apple Pay for the vast majority of my payments in stores here in Canada. Retailers that don't have contactless terminals are in the very small minority. Those holdouts (Lowes, Home Depot, Wally-Mart), I tend to avoid as much as possible. 

    I live right at the border and shop in the US, every few weeks. Just got to use my Apple Watch with CapitalOne Visa at requirement for pin or signature. My impression is that 50% is a REAL stretch!!
  • macOS Catalina 10.15.1 is now available with opt-in Siri review, support for AirPods Pro

    I must be the timing or whatever server you’ve been connected to. My download took around 20 minutes
  • Twitter's text-based two-factor authentication becomes a paid-only feature

    ranson said:
    This is an interesting choice with somewhat dubious reasoning: pay us $8 for the continuing privilege of using the least secure MFA mechanism.

    Most likely, the SMS's were too costly for Elon's liking, while Authenticator apps are both more secure and effectively free for Twitter to support. So from a financial perspective, it makes a lot of sense. From a security posture, forcing users off of SMS and over to an Authenticator app is a good long-term decision.

    However, the outright disabling of nonconforming users' existing SMS MFA on March 20 is a terrible idea, as it will expose what is likely millions and millions of accounts to being compromised, should their passwords have been previously harvested. This will particularly impact users who rarely access Twitter anymore, if at all. A better approach here would be to retain the SMS MFA on those users indefinitely, but require them to explicitly disable MFA or switch to an Authenticator app the next time they access Twitter after 3/20. You should never just turn someone's MFA off without their explicit approval.
    Your first sentence hits the nail on the head! What a ridiculous option coming from a “genius”