Comments
For reference from blesta forums:
https://dev.blesta.com/browse/CORE-3068
We've offered 2fa for years, but with this law do we need to REQUIRE 2fa? Like is offering it enough, or do we have to enforce it?
Answered those below for you. Dev perspective.
Like Facebook, Instagram, WhatsApp, etc. It is natural to use the app market.
A proper done app would integrate with your fingerprint / phone lock ability.
It auto-updates. It is normal for these to be kept up to date automatically. Unless you have disabled it.
Actually app development follows UX & UI best practices. It usually ends up being familiar. For example Hybrid Frameworks like Ionic automatically apply a different behaviour to the UI depending on which platform the user is running. Good developers follow standards.
That is done automatically by your device if you haven't disabled it.
Trust me, you don't want to go down that rabbithole because there is a lot of noise but no rabbits in it.
Hint: "RSA fobs" as in "products that use a paid-for 'random' (prng) algo from the NSA".
One problem is evident: NSA, GCHQ, etc. A less evident problem is that almost all major players (e.g. Google) have (a) a selective view because their interest isn't security but "security for our needs/use cases" and (b) usually a context that is very much different from yours (e.g. thousands and thousands of servers and billions of $).
Other problems that are rarely seen and understood include poor random choices (which looks unimpressive but actually is by far the most important element in most IT security), cruft (the OpenBSD guys ripped out lots of cruft from OpenSSL for good reasons), and more.
I came from another angle, the fact that pretty much all AVs have become security risks themselves. There are quite a few attack vectors out there due to considerable vulnerabilities in AVs.
If that ever came into public view the 90% would be united in voting for controlling (or locking away) the "dangerous intelligent ones". So, psshhh
Which - thank God for that! - are not part of the OS and must be "downloaded"
Definitely not. A properly done app would always let the user have some choice and the last word. Anything that boils down to a black box for the user is not a good solution.
Auto-updating solved some problems ... and created others and sometimes worse ones.
Please kindly call yourself "web dev" and not "dev". The latter are usually engineers (or tick like engineers) while the former often are [self-redacted] and have next to nothing in common with engineers.
That's nice actually!
I don’t know - ask them - surely not retrospectively though, so cards on file will need to be re-entered with Customer on site again through 3DS(2) before you’ll be able to continue using them.
We add this API call for the past month already to all payments on site. We aren’t quite sure if all banks are registering it yet - cuz no one seems to be prepared for this. It’s a joke.
You are right, I should have said Software Engineer. I don't know who you are minimizing here lol. Just saying... All I can gather from your responses is:
-You assume without experience.
*UX & UI is not limited to web so... I feel sad already for your response.
*You forgot we are talking about normal users and not engineers. For engineers apps are useless. But for normal users that like to one touch things and be done with it, apps are the way. Actually if I'm wrong, why do app stores exist ... and why are they so alive with new apps joining every day?
I'll give you a 6/10 for effort.
Remember that not all apps run on web tech. There are advantages for apps that run native code in terms of performance, API access, integration...etc.
@Hxxx
Well that's roughly what was to be expected from a "UX" and "UI" focussed "developer".
But hey, satisfy my curiosity: what libraries or frameworks are you using when developing, say for Linux, xBSD, Windows, Apple (the desktop OS), Android, and iOS?
Well let's see what will happen I guess!!!
If you already had 3D-Secure enabled for all payments, you won't have to re-enter on the site, because you've already done the SCA - at least that's how it works with Braintree and quite some other Payment Providers.
No, SCA has to happen on the payment itself - if using an external hosted payment window, you'll likely not have to do anything (but confirm with your payment provider), if you're using Drop-In UIs or Hosted Fields from Braintree, Stripe or similar, you'll have to update the code to do 3D-Secure 2.0 (relatively easy for drop-in UI in Braintree at least).
Not really. In case you intend to re-use Customer details offline, so for example, for the purpose of automated billing, you need to pass an additional parameter when creating the charge, informing the bank that you intend to do so. The bank can then apply different authentication to the Customer to comply with their own risk assessment under SCA.
Better inform Braintree about that then
And I can see you have to inform Adyen as well then - since they'll only require SCA if the first transaction was made on or after 14 September 2019: https://docs.adyen.com/payments-essentials/psd2-sca-compliance-and-implementation-guide/
So two major gateways are then doing it illegally or?
It's not about legally - I agree that 3DS suffices legally, but it's about whether the issuing bank will say yes or no during the authorisation in this case and I guess we'll find out in September or later, how this works out in practice.
Ahh good to know. We transmit the data directly. (non tokenized authorize.net) With the exception of PayPal payments of course.
React <3
/s
Angular
@Hxxx
I was being sarcastic — real men write iOS apps in Objective-C as opposed to Swift :I
I differ ... real men write apps with pure C, not even ++. Objective-C is for pussies.