Can a company website refuse to allow me to sign up without a mobile number?

IvanOpinion

unholyangel said:

IvanOpinion said:

unholyangel said:

Just to be clear, I'm not suggesting that no one use mobiles for MFA ever. Just that 1) I agree with OP it doesn't prove your identity, 2) they shouldn't make it their only method (because of the security flaws and high probability it would discriminate against certain characteristics) and 3) no one with any expertise on the subject would suggest a mobile phone is secure.

In response to your points
1. You are correct that it does not prove identity it but it significantly reduces the risk that it is someone else.  If you really want proof maybe they just request a DNA example everytime you log on.
2. There is no discrimination against anyone, because there is usually other, often complicated, means of verification for those that genuinely need them (as opposed to those that choose to make mountains out of molehills)
3. It is not the mobile phone that is the concern, it may or may not be secure depending on the software.  So SMS is more secure than email is more secure than passwords is more secure than nothing, but dedicated authentication apps running on exactly the same phones will provide more security (of course you could go with many more authentication factors - the most I have come across in my job though has been 4 factor authentication: password, authentication app, fingerprint  and mobile phone had to be traceable to specific sites).

Not quite sure you've though out your response. 

Point 2 doesn't apply where there are other methods and that should've have been evident from my saying it shouldn't be the only method. 

Point 3 there are mobile phones that are more or less secure. There's no mobile phone that is 100% secure. 

Why do you think sms is secure? You realise the phone itself can have software installed which allows someone to see everything? Even the stuff you delete? 

Not quite sure you have understood my response.
Point 2 does apply, there is no discrimination (mobile phone carrier is not a protected group - it is a choice).
Point 3, the device (in normal use) is irrelevant (excluding military devices).   It is the software (for the normal user) that is important and how it is used - but you are right there is no way to guarantee total security (even on military grade devices) - all we can ever hope for is to stay one step ahead.

I didn't actually say 'sms is secure', I said it was 'more secure' than email (in the context of receiving one-time codes) and passwords. 

As far as software that sees everything, that is no different to any other computer device - it is true, and is unlikely unless you have done something silly.  Over the last 20 years I have had dozens if not hundreds of computers through my hands were owners had told me they had been hacked, had viruses, had trojans etc. - I could count on the fingers of one hand the number of cases were it was true. Rest of the time it was just people who did not know how to use their computer.

unholyangel

IvanOpinion said:

unholyangel said:

IvanOpinion said:

unholyangel said:

Just to be clear, I'm not suggesting that no one use mobiles for MFA ever. Just that 1) I agree with OP it doesn't prove your identity, 2) they shouldn't make it their only method (because of the security flaws and high probability it would discriminate against certain characteristics) and 3) no one with any expertise on the subject would suggest a mobile phone is secure.

In response to your points
1. You are correct that it does not prove identity it but it significantly reduces the risk that it is someone else.  If you really want proof maybe they just request a DNA example everytime you log on.
2. There is no discrimination against anyone, because there is usually other, often complicated, means of verification for those that genuinely need them (as opposed to those that choose to make mountains out of molehills)
3. It is not the mobile phone that is the concern, it may or may not be secure depending on the software.  So SMS is more secure than email is more secure than passwords is more secure than nothing, but dedicated authentication apps running on exactly the same phones will provide more security (of course you could go with many more authentication factors - the most I have come across in my job though has been 4 factor authentication: password, authentication app, fingerprint  and mobile phone had to be traceable to specific sites).

Not quite sure you've though out your response. 

Point 2 doesn't apply where there are other methods and that should've have been evident from my saying it shouldn't be the only method. 

Point 3 there are mobile phones that are more or less secure. There's no mobile phone that is 100% secure. 

Why do you think sms is secure? You realise the phone itself can have software installed which allows someone to see everything? Even the stuff you delete? 

Not quite sure you have understood my response.
Point 2 does apply, there is no discrimination (mobile phone carrier is not a protected group - it is a choice).
Point 3, the device (in normal use) is irrelevant (excluding military devices).   It is the software (for the normal user) that is important and how it is used - but you are right there is no way to guarantee total security (even on military grade devices) - all we can ever hope for is to stay one step ahead.

I didn't actually say 'sms is secure', I said it was 'more secure' than email (in the context of receiving one-time codes) and passwords. 

As far as software that sees everything, that is no different to any other computer device - it is true, and is unlikely unless you have done something silly.  Over the last 20 years I have had dozens if not hundreds of computers through my hands were owners had told me they had been hacked, had viruses, had trojans etc. - I could count on the fingers of one hand the number of cases were it was true. Rest of the time it was just people who did not know how to use their computer.

If they have other methods available for all groups it's not discrimination. If they only have 1 method available it would be highly likely to discriminate (indirectly) against the protected characteristics of age and disability. Discrimination doesn't need to be direct to be illegal. 

Also "military devices" still use the same programming concepts. There's no special computing rules for them. They can still be hacked, just those "secure connections" are normally monitored and logged so they can trace them. Tbh two cups and a string would be more secure. 

Plus all of our current digital security rests on the principle that it would take too long to crack the encryption. Which is why so many experts are worried about quantum computing.  

I know what you said about SMS, but it's not more secure than email. I was querying why you think that's the case. An email will definitely have a password on it (that may even involve another layer of security via MFA itself) an SMS won't (although a phone might, so might a computer that's used to check email). There will also be a log of access to your email. Same can't be said for SMS. So why would you think sms is more secure? 

powerful_Rogue

Struggling to see how this could be classed as discrimination based on age, and to a certain extent disability.

Seems like it's implying that once you hit a certain age you can't operate a mobile. The same for disability - Which is completly incorrect.

IvanOpinion

unholyangel said:

If they have other methods available for all groups it's not discrimination. If they only have 1 method available it would be highly likely to discriminate (indirectly) against the protected characteristics of age and disability. Discrimination doesn't need to be direct to be illegal. 
We are going a bit off topic.  Asking someone for a mobile number in the 21st century is not discrimination. Especially when you have no idea why they ask for it.

Also "military devices" still use the same programming concepts.  There's no special computing rules for them.
Often very different hardware and totally different programming standards and practices.  There are some very special computing rules.

They can still be hacked, just those "secure connections" are normally monitored and logged so they can trace them. Tbh two cups and a string would be more secure. 
If you believe that then you have been watching too much Scooby Doo.

Plus all of our current digital security rests on the principle that it would take too long to crack the encryption. Which is why so many experts are worried about quantum computing.  
We need to reel the sci-fi back a bit.  Yes Quantum computers may cause security issues but they will also provide the ability to beat those same issues.  At the minute a lot of what is being said is just theoretical and unproven.

I know what you said about SMS, but it's not more secure than email. I was querying why you think that's the case.  An email will definitely have a password on it (that may even involve another layer of security via MFA itself) an SMS won't (although a phone might, so might a computer that's used to check email). There will also be a log of access to your email. Same can't be said for SMS. So why would you think sms is more secure? 

To be fair your exact words were "Why do you think sms is secure?" - something I never claimed.

Of all the means of electronic communication email is one of the weaker ones when it comes to security.  The (very much over simplified) explanation is that email is 'all over the place' it can take any convoluted path it needs to to get from sender-to-recipient with multiple points of interception and not always encrypted, plus when it arrives at its target the way most users handle it on their computer makes it even easier to gain access to.  On the other hand SMS is more like peer-to-peer with far fewer interception points, when it is on the phone it is no more or no less secure than email.  Your 'logs of access' are of little relevance since they are so easily bypassed or spoofed to the point that they may as well not exist.  Both could be made much more secure but in the overwhelming majority of cases that is not required so most people don't need to do it..

The only point I was making is that neither are secure but of the two, SMS is probably slightly more secure than email - to real hackers - and neither is as a good as a proper authentication app.  But then again the real hardcore hacking is not done the way Hollywood makes the general public believe it is done (I have never seen a computer that would prefer to play noughts-and-crosses instead of destroying the world).  

unholyangel

powerful_Rogue said:

Struggling to see how this could be classed as discrimination based on age, and to a certain extent disability.

Seems like it's implying that once you hit a certain age you can't operate a mobile. The same for disability - Which is completly incorrect.

So you don't think the older generations can (not will, but can) experience difficulty in using technology? Same with certain disabilities, you don't think that certain disabilities could prove problematic in operating a mobile phone? 

That's all that's required for equality legislation to apply. It doesn't have to disadvantage every single person who shares that protected characteristic. 

unholyangel

IvanOpinion said:

unholyangel said:

If they have other methods available for all groups it's not discrimination. If they only have 1 method available it would be highly likely to discriminate (indirectly) against the protected characteristics of age and disability. Discrimination doesn't need to be direct to be illegal. 
We are going a bit off topic.  Asking someone for a mobile number in the 21st century is not discrimination. Especially when you have no idea why they ask for it.

Also "military devices" still use the same programming concepts.  There's no special computing rules for them.
Often very different hardware and totally different programming standards and practices.  There are some very special computing rules.

They can still be hacked, just those "secure connections" are normally monitored and logged so they can trace them. Tbh two cups and a string would be more secure. 
If you believe that then you have been watching too much Scooby Doo.

Plus all of our current digital security rests on the principle that it would take too long to crack the encryption. Which is why so many experts are worried about quantum computing.  
We need to reel the sci-fi back a bit.  Yes Quantum computers may cause security issues but they will also provide the ability to beat those same issues.  At the minute a lot of what is being said is just theoretical and unproven.

I know what you said about SMS, but it's not more secure than email. I was querying why you think that's the case.  An email will definitely have a password on it (that may even involve another layer of security via MFA itself) an SMS won't (although a phone might, so might a computer that's used to check email). There will also be a log of access to your email. Same can't be said for SMS. So why would you think sms is more secure? 

To be fair your exact words were "Why do you think sms is secure?" - something I never claimed.

Of all the means of electronic communication email is one of the weaker ones when it comes to security.  The (very much over simplified) explanation is that email is 'all over the place' it can take any convoluted path it needs to to get from sender-to-recipient with multiple points of interception and not always encrypted, plus when it arrives at its target the way most users handle it on their computer makes it even easier to gain access to.  On the other hand SMS is more like peer-to-peer with far fewer interception points, when it is on the phone it is no more or no less secure than email.  Your 'logs of access' are of little relevance since they are so easily bypassed or spoofed to the point that they may as well not exist.  Both could be made much more secure but in the overwhelming majority of cases that is not required so most people don't need to do it..

The only point I was making is that neither are secure but of the two, SMS is probably slightly more secure than email - to real hackers - and neither is as a good as a proper authentication app.  But then again the real hardcore hacking is not done the way Hollywood makes the general public believe it is done (I have never seen a computer that would prefer to play noughts-and-crosses instead of destroying the world).  

1) Didn't say asking for a mobile number was discrimination. I said any policy making a mobile number mandatory (to access a service) is highly likely to be discriminatory. 
2) There are no special computing rules! They operate by the exact same scientific rules of computing that everything else does. Espionage and spying via technology have become the new major threat to national security over the last few decades. Gone are the days you had to be in the room or physically tap into a phone line or intercept a document. It's not a major threat because they're a safe method of communication, quite the opposite! 
3) Quantum computing is not sci-fi or just theoretical. It exists now. However, they still have to refine it to remove the effects of decoherence to have quantum computing as reliable. Easy enough to google and see if I'm wrong or you are. 

powerful_Rogue

unholyangel said:

powerful_Rogue said:

Struggling to see how this could be classed as discrimination based on age, and to a certain extent disability.

Seems like it's implying that once you hit a certain age you can't operate a mobile. The same for disability - Which is completly incorrect.

So you don't think the older generations can (not will, but can) experience difficulty in using technology? Same with certain disabilities, you don't think that certain disabilities could prove problematic in operating a mobile phone? 

That's all that's required for equality legislation to apply. It doesn't have to disadvantage every single person who shares that protected characteristic. 

Anyone can expereince difficulties in using technology, regardless of age/disability.

However if that person is able to access and use the internet, then what is the difference from using a mobile phone?

What disabilities are you thinking of? I know my mobile and my work mobile has many features to help and assit those with disabilities.

So are you saying if it disadvanted 0.01% of the elderly, then it would be classed as discrimination?

unholyangel

powerful_Rogue said:

unholyangel said:

powerful_Rogue said:

Struggling to see how this could be classed as discrimination based on age, and to a certain extent disability.

Seems like it's implying that once you hit a certain age you can't operate a mobile. The same for disability - Which is completly incorrect.

So you don't think the older generations can (not will, but can) experience difficulty in using technology? Same with certain disabilities, you don't think that certain disabilities could prove problematic in operating a mobile phone? 

That's all that's required for equality legislation to apply. It doesn't have to disadvantage every single person who shares that protected characteristic. 

Anyone can expereince difficulties in using technology, regardless of age/disability.

However if that person is able to access and use the internet, then what is the difference from using a mobile phone?

What disabilities are you thinking of? I know my mobile and my work mobile has many features to help and assit those with disabilities.

Yes, but those who are older are more prone to it, because they haven't grown up with it being an everyday part of life like other people. And those growing up with it will experience the same issues when they get older and technology changes. 

As for disabilities, off the top of my head (and to name but a few)....autism, OCD, those who are hearing or sight impaired, dyslexia, dyscalculia, anxiety, PTSD, physical impairment etc. Technology can sometimes remove barriers for disabled people, but sometimes it also creates barriers. 

powerful_Rogue

unholyangel said:

powerful_Rogue said:

unholyangel said:

powerful_Rogue said:

Struggling to see how this could be classed as discrimination based on age, and to a certain extent disability.

Seems like it's implying that once you hit a certain age you can't operate a mobile. The same for disability - Which is completly incorrect.

So you don't think the older generations can (not will, but can) experience difficulty in using technology? Same with certain disabilities, you don't think that certain disabilities could prove problematic in operating a mobile phone? 

That's all that's required for equality legislation to apply. It doesn't have to disadvantage every single person who shares that protected characteristic. 

Anyone can expereince difficulties in using technology, regardless of age/disability.

However if that person is able to access and use the internet, then what is the difference from using a mobile phone?

What disabilities are you thinking of? I know my mobile and my work mobile has many features to help and assit those with disabilities.

Yes, but those who are older are more prone to it, because they haven't grown up with it being an everyday part of life like other people. And those growing up with it will experience the same issues when they get older and technology changes. 

As for disabilities, off the top of my head (and to name but a few)....autism, OCD, those who are hearing or sight impaired, dyslexia, dyscalculia, anxiety, PTSD, physical impairment etc. Technology can sometimes remove barriers for disabled people, but sometimes it also creates barriers. 

But the same could be said for people in those categories using a PC/Laptop/Tablet.

If they are able to use one of the above, which they would be in this case as that is the OP's complaint, then they would be able to operate a moble phone which has the same disability features built in.

unholyangel

powerful_Rogue said:

unholyangel said:

powerful_Rogue said:

unholyangel said:

powerful_Rogue said:

Struggling to see how this could be classed as discrimination based on age, and to a certain extent disability.

Seems like it's implying that once you hit a certain age you can't operate a mobile. The same for disability - Which is completly incorrect.

So you don't think the older generations can (not will, but can) experience difficulty in using technology? Same with certain disabilities, you don't think that certain disabilities could prove problematic in operating a mobile phone? 

That's all that's required for equality legislation to apply. It doesn't have to disadvantage every single person who shares that protected characteristic. 

Anyone can expereince difficulties in using technology, regardless of age/disability.

However if that person is able to access and use the internet, then what is the difference from using a mobile phone?

What disabilities are you thinking of? I know my mobile and my work mobile has many features to help and assit those with disabilities.

Yes, but those who are older are more prone to it, because they haven't grown up with it being an everyday part of life like other people. And those growing up with it will experience the same issues when they get older and technology changes. 

As for disabilities, off the top of my head (and to name but a few)....autism, OCD, those who are hearing or sight impaired, dyslexia, dyscalculia, anxiety, PTSD, physical impairment etc. Technology can sometimes remove barriers for disabled people, but sometimes it also creates barriers. 

But the same could be said for people in those categories using a PC/Laptop/Tablet.

If they are able to use one of the above, which they would be in this case as that is the OP's complaint, then they would be able to operate a moble phone which has the same disability features built in.

That's some assumption to be making. You can't assume that because someone can use a website that they can use a mobile phone. Nor does a mobile phone have every single adaption available that's available on a pc. Some more common issues might be available as a OS accessibility feature. But others require specialist software - some of which is only designed for PCs. Some disabilities don't have any software adaptions available (ie anxiety or PTSD). 

I come across people of all different circumstances in my job. You can have two different people with the same condition request different reasonable adjustments because it affects them in different ways or they have different support available to them. 

To try give you an example.....three parents. One single, the other two aren't. Of the two who aren't single, one lives close by family and the other does not. Who (of the three) will have difficulty organising childcare, if they had to change their shift? You might suppose the one who is single or the one who doesn't live near family. The actual answer is any one of them. You can't presume to know someones needs based solely on knowing they have a protected characteristic, even if you know what the characteristic is.