Old 18th March 2021, 19:58   #6766
Senior - BHPian
 
 
Join Date: Apr 2011
Location: Dubai/Bengaluru
Posts: 3,759
Thanked: 11,644 Times
Re: The Online Shopping Thread

I've been using Bose BT Speaker for ages now. Works best
Quote:
Originally Posted by neoonwheels View Post
What I meant is, I want speaker which has mic in built but won't pick echo
Sebring is offline   (1) Thanks
Old 28th March 2021, 17:37   #6767
BHPian
 
 
Join Date: Aug 2016
Location: Chennai
Posts: 144
Thanked: 217 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by concorde24 View Post
Thanks Thad - i will go ahead and try with iHerb this time.
On shipping partner, I understand from the cart options that it is not DHL anymore but Aramex.
The order placed on iHerb was delivered in 10 days, including document collection for KYC. I noticed that the item got shipped only after KYC confirmation which will save time on orders where product with customs but name mismatch.

It was a smooth experience and thanks @Thad for your feedback.
concorde24 is offline   (2) Thanks
Old 28th March 2021, 22:42   #6768
Team-BHP Support
 
 
Join Date: Jul 2007
Location: Hyderabad
Posts: 11,118
Thanked: 16,349 Times
Re: The Online Shopping Thread

I used https://www.croma.com/ to buy an iPad.

It has this offer of cashback and no cost EMI for HDFC credit cards.
I selected the offer and completed the purchase with a HDFC credit card.

Croma denies that I selected this offer and hence says I am not gonna get the cashback.

It's a matter of just 3k and I am not going to fight with Croma for it.

But the feeling that this website made a fool of me is something I will not forget and will never ever buy anything from this online portal ever again.

Every purchase from Flipkart and Amazon has left me feeling like it was a straight forward deal. But Croma left me feeling like a fool for having believed the website works.
bblost is offline   (15) Thanks
Old 29th March 2021, 13:03   #6769
Senior - BHPian
 
 
Join Date: May 2006
Location: Bangalore
Posts: 1,234
Thanked: 2,787 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by bblost View Post
I used https://www.croma.com/ to buy an iPad.

It has this offer of cashback and no cost EMI for HDFC credit cards.
I selected the offer and completed the purchase with a HDFC credit card.

But Croma left me feeling like a fool for having believed the website works.

It could be a browser issue. Which browser did you use? Most of the sites are not tested to work properly on all browsers. The Croma website sucks, so do many others, which is why the likes of Amazon are so successful.

I bought a dryer from Croma last month. Just before entering the OTP, I realized that the instant cashback was not applied and I was being charged the full amount. Discarded the transaction and tried with another browser (Chrome I think) and managed to get the discount.
Jaguar is offline  
Old 29th March 2021, 13:43   #6770
Team-BHP Support
 
 
Join Date: Jul 2007
Location: Hyderabad
Posts: 11,118
Thanked: 16,349 Times
Re: The Online Shopping Thread

I used Chrome browser. I selected the offer and it said offer applied. I then entered the credit card details and went to the OTP page.

Transaction was completed and I called Croma store. Then went and picked it up.

Spoke to the guy on the cashback as he said this will be done in 120 days. He also said the invoice gets generated after pickup and I will get it in 24 hours.

When I got the invoice later there was no mention of cashback. This prompted me reaching out to the customer support.
bblost is offline  
Old 29th March 2021, 14:23   #6771
Distinguished - BHPian
 
 
Join Date: Jun 2012
Location: BengaLuru
Posts: 5,814
Thanked: 20,407 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by bblost View Post
Spoke to the guy on the cashback as he said this will be done in 120 days. He also said the invoice gets generated after pickup and I will get it in 24 hours.

When I got the invoice later there was no mention of cashback. This prompted me reaching out to the customer support.
Cashback is usually a HDFC offer and won't be shown on the Croma invoice. I have bought more than five Apple devices so far from Croma, all offline in store buys. What we get is a mention of the cashback in the card chargeslip. It would be written towards the end. Since yours is an online purchase, I believe that wasn't mentioned. But usually it has worked all the time for me and the cashback would appear in the third or fourth statement. And regarding invoice it would automatically be mailed to you.

In general I have found Croma experience to be top notch. Even today, I can access the invoices dating to 2016 with just one call to the customer care with my registered mobile number. I found it useful when I wanted to sell my iPhone last year to Cashify and they asked for an invoice. Got it within two minutes of calling the CC.
audioholic is offline   (2) Thanks
Old 2nd April 2021, 01:23   #6772
BHPian
 
 
Join Date: Jun 2009
Location: Chennai
Posts: 518
Thanked: 581 Times

Anyone getting warnings on amazon app - a data breach on a site or app exposed your password. Google recommends changing your password on amazon.in now.
This is happening on the new Android 11 update on my wife's oneplus nord. I am not getting the similar alert on my older op5.
diyguy is offline  
Old 2nd April 2021, 13:35   #6773
Distinguished - BHPian
 
 
Join Date: Dec 2012
Location: India
Posts: 4,606
Thanked: 13,283 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by diyguy View Post
Anyone getting warnings on amazon app - a data breach on a site or app exposed your password. Google recommends changing your password on amazon.in now.
This is happening on the new Android 11 update on my wife's oneplus nord. I am not getting the similar alert on my older op5.
My iPhone says same for aliexpress and amazon as well. I changed both some time ago but this warning has popped up again.
Actually with so many login ids across sites and devices, I am finding it difficult to be creative enough for passwords.
saket77 is offline  
Old 9th April 2021, 10:20   #6774
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 3,675
Thanked: 5,697 Times
Re: The Online Shopping Thread

I'm not sure what to make of this news item:

https://theprint.in/india/governance...x-this/636083/

First glance, this sounds like a great idea. But the implementation plan seems a bit impractical. This, for example:

Quote:
...a team of experts possessing the required domain knowledge and expertise to investigate the reviews [who] will work as content regulators, [...] help in flagging fake reviews
binand is offline   (2) Thanks
Old 10th April 2021, 09:42   #6775
BHPian
 
Join Date: Nov 2004
Location: World
Posts: 123
Thanked: 214 Times
Amazon broken into ?

Quote:
Originally Posted by diyguy View Post
Anyone getting warnings on amazon app - a data breach on a site or app exposed your password. Google recommends changing your password on amazon.in now.
This is happening on the new Android 11 update on my wife's oneplus nord. I am not getting the similar alert on my older op5.

While I haven't received any such warning so far (I don't have Android 11, if that matters), I have noticed something curious in my Amazon profile the other day -- it showed that 14 devices were allowed to log in without an OTP! I've never logged in from more than 3 or 4 devices in total, let alone 14. No one else was ever allowed by me to log into my account either.

Thankfully, there were no other obvious signs that my account was broken into. I, of course, have immediately blocked any device from logging in without an OTP, and changed my password too.

But I'm completely puzzled as to how could it have happened in the first place. If any hacker can find out my password somehow, how come one is allowed to log in without an OTP? What's the use of a 2-factor authentication if it is not on by default, and any new device can log in at will if the password is somehow leaked?
.
meerkat is offline  
Old 10th April 2021, 10:51   #6776
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 3,675
Thanked: 5,697 Times
Re: Amazon broken into ?

Quote:
Originally Posted by diyguy View Post
Anyone getting warnings on amazon app - a data breach on a site or app exposed your password. Google recommends changing your password on amazon.in now.
This is happening on the new Android 11 update on my wife's oneplus nord. I am not getting the similar alert on my older op5.
Not sure about this, but I believe what Google is warning you about is a compromised password - that is, the password you use on Amazon is compromised (ie, present in a leaked list of passwords somewhere). The leak could have happened from any site, not necessarily Amazon.

Also it is a relatively new feature of Google Account (2 years-ish?), so might not be present in older versions of Android.

Quote:
Originally Posted by saket77 View Post
Actually with so many login ids across sites and devices, I am finding it difficult to be creative enough for passwords.
I suggest using a password manager that can generate strong passwords for you. Google itself has one, so does Firefox, and there are several third-party ones.

I also have this bookmarked (for the rare scenario where I need to generate a password myself): https://mkpasswd.web-tool.net/

Quote:
Originally Posted by meerkat View Post
I have noticed something curious in my Amazon profile the other day -- it showed that 14 devices were allowed to log in without an OTP! I've never logged in from more than 3 or 4 devices in total, let alone 14. No one else was ever allowed by me to log into my account either.
Probably the lifetime total devices you have logged in from? Phone changes, app uninstall/reinstall cycles etc. all count among new devices. Just get rid of the ones you don't recognise - or better still, get rid of them all and re-login from the devices that you trust.

Quote:
Originally Posted by meerkat View Post
If any hacker can find out my password somehow, how come one is allowed to log in without an OTP? What's the use of a 2-factor authentication if it is not on by default, and any new device can log in at will if the password is somehow leaked?
Very few service providers default to 2FA currently. Most require the user to explicitly enable it. Which is how I believe it should be - not everyone wants 2FA for all services (after all, SMS-based 2FA is not true 2FA).
binand is offline   (2) Thanks
Old 10th April 2021, 17:42   #6777
BANNED
 
Join Date: Mar 2007
Location: Kolhapur
Posts: 1,725
Thanked: 1,909 Times
Re: Amazon broken into ?

Quote:
Originally Posted by binand View Post
after all, SMS-based 2FA is not true 2FA
SMS based 2FA is of course true 2FA. 2FA is 2 Factor authentication. The 3 main factors of authentication are

- What you know
- What you have
- What you are

Any authentication which uses 2 of the above 3 is 2FA

Password is what you know
Your SIM Card is what you have (The SMS comes on your SIM Card - you having the OTP means you have the SIM Card)

So nothing is lacking.
carboy is offline  
Old 10th April 2021, 19:26   #6778
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 3,675
Thanked: 5,697 Times
Re: Amazon broken into ?

Quote:
Originally Posted by carboy View Post
So nothing is lacking.
This is a facile, ill-informed view (based on the kool-aid produced by the marketing departments of service providers?). To the extent that OTP is supposed to do the "what you have" authentication with respect to the SIM card, I agree. But the problem is that OTP, as implemented currently, conflates knowledge of the PIN ("what you know") with possession of the SIM - which, depending on the protection you need or the threat model you have, is not a true interchangeability that holds good in the real world.

From the administrator of the backend system where the OTP is produced to SMS software's developers, there are several entities who aren't in possession of the SIM card but can access the OTP making it a very unsafe method of authentication.
binand is offline   (9) Thanks
Old 11th April 2021, 08:00   #6779
BHPian
 
Join Date: Nov 2004
Location: World
Posts: 123
Thanked: 214 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by binand View Post
....
Probably the lifetime total devices you have logged in from? Phone changes, app uninstall/reinstall cycles etc. all count among new devices.

"Lifetime total devices" still don't add up! I've started using the Amazon app only recently, and only from a single phone so far! Plus maybe 2 or 3 PCs/ laptops ever (all mine). But I didn't know app uninstall/reinstall cycles could contribute to this count too!


Quote:
Very few service providers default to 2FA currently. Most require the user to explicitly enable it. Which is how I believe it should be - not everyone wants 2FA for all services

That's what confounds me. After all, anybody could turn off 2FA for specific devices as they want. Otherwise, what's the point of having 2FA at all? As I see it, if the password is not compromised, 2FA is redundant, and if it is compromised, anybody could log in from other devices! So I don't see how having 2FA is of any use at all unless it is on by default!


Quote:
Originally Posted by binand View Post
...
From the administrator of the backend system where the OTP is produced to SMS software's developers, there are several entities who aren't in possession of the SIM card but can access the OTP making it a very unsafe method of authentication.

And I, rather naively it seems after your explanation, have always assumed that the whole process is somehow securely automated! Still it begs the question, how come our whole financial system (among others) has become so critically dependent on this type of authentication, and no major issues have surfaced so far due to such ubiquitous reliance on this!
.

Last edited by meerkat : 11th April 2021 at 08:03.
meerkat is offline  
Old 11th April 2021, 11:30   #6780
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 3,675
Thanked: 5,697 Times
Re: The Online Shopping Thread

Quote:
Originally Posted by meerkat View Post
After all, anybody could turn off 2FA for specific devices as they want. Otherwise, what's the point of having 2FA at all? As I see it, if the password is not compromised, 2FA is redundant, and if it is compromised, anybody could log in from other devices! So I don't see how having 2FA is of any use at all unless it is on by default!
The implementations I have seen are like this:

1. They all default to single factor only. 2FA is something the user explicitly turns on.
2. Once the user turns it on, they have to login from every device once with the full 2FA flow.
3. After that, the user has the option of marking one or several devices as "trusted devices" where logging in will not be mandated any longer.

I believe you are talking of #3? It is meant for your personal devices and the choice is entirely yours. I think it is a reasonable midpoint in the security vs convenience range. It is not "anybody could turn off", it is "people with access to the device can turn off" - and you as the device owner have control on limiting that set.

Maybe there is some other issue you want to point out? Because I certainly do not agree with "2FA is redundant".

Quote:
Originally Posted by meerkat View Post
And I, rather naively it seems after your explanation, have always assumed that the whole process is somehow securely automated! Still it begs the question, how come our whole financial system (among others) has become so critically dependent on this type of authentication, and no major issues have surfaced so far due to such ubiquitous reliance on this!
Of course there have been hundreds, thousands of cases where OTPs were stolen/retrieved and transactions made without the knowledge/consent of the account owner. The newspapers report these frequently. All these are failures of our faulty implementation of 2FA.

I remember using an RSA SecurID 2FA token, issued by HSBC in India, back in early oughties - so it is not that they can't do it. They just drag their feet because implementing the right approach is costlier for them, and the downside of not implementing is not expensive enough.

Edit: About 2-3 years back I migrated to a Yubikey (https://www.amazon.in/gp/product/B07HBD71HL/) for some of my important accounts instead of SMS OTP or TOTP. Today I prioritise 2FA as: Yubikey, if not supported then TOTP, if not supported then SMS, if not supported take a long hard look at the service and decide whether it is really worth it.

Last edited by binand : 11th April 2021 at 11:34.
binand is offline   (1) Thanks
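
The three-step flow described in the post above (single factor by default, one full 2FA login per device, then optional trusted devices), as an added example that is not part of any post in this thread and not any retailer's real code. It is a toy Python model: `Account`, `otp_ok` and the device-token scheme are all assumptions, and it also shows why removing every trusted device, as suggested earlier in the thread, sends each device back through the OTP step.

```python
import hashlib
import hmac
import secrets


class Account:
    """Toy model of the three steps above; every name here is hypothetical."""

    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw = self._kdf(password)
        self.two_factor_enabled = False   # step 1: single factor by default
        self._trusted = {}                # SHA-256(device token) -> label

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password, otp_ok=False, device_token=None):
        """Return 'denied', 'otp_required' or 'ok'.

        otp_ok stands in for a real second-factor check (assumption)."""
        if not hmac.compare_digest(self._kdf(password), self._pw):
            return "denied"
        if not self.two_factor_enabled:
            return "ok"                   # a leaked password is enough here
        digest = hashlib.sha256((device_token or "").encode()).hexdigest()
        if digest in self._trusted:
            return "ok"                   # step 3: trusted device skips the OTP
        return "ok" if otp_ok else "otp_required"   # step 2: full 2FA flow

    def trust_device(self, password, otp_ok, label):
        """Issue a device token, but only after a full password + OTP login."""
        if not (self.two_factor_enabled and otp_ok
                and self.login(password, otp_ok=True) == "ok"):
            raise PermissionError("full 2FA login required")
        token = secrets.token_urlsafe(32)  # unguessable, stored only as a hash
        self._trusted[hashlib.sha256(token.encode()).hexdigest()] = label
        return token

    def trusted_devices(self):
        return sorted(self._trusted.values())

    def revoke_all(self):
        """Drop every trusted device; each must redo the full flow."""
        self._trusted.clear()


if __name__ == "__main__":
    acct = Account("constructed-password")
    acct.two_factor_enabled = True
    print(acct.login("constructed-password"))   # new device, no OTP yet
```
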