Grand River Transit - Printable Version
+- Waterloo Region Connected (https://www.waterlooregionconnected.com)
+-- Forum: Waterloo Region Works (https://www.waterlooregionconnected.com/forumdisplay.php?fid=14)
+--- Forum: Transportation and Infrastructure (https://www.waterlooregionconnected.com/forumdisplay.php?fid=25)
+--- Thread: Grand River Transit (/showthread.php?tid=13)

RE: Grand River Transit - tomh009 - 06-18-2017

What street did I live on when I was 10 years old? What is the first name of my mother's oldest brother? What colour was my first car? What was the first name of my first boss? What city did I fly to on my first flight? What city was my mother-in-law born in?

All of these definitive, permanent and hard for someone else to discover. If we need to have security questions, at least we should spend 10 minutes coming up with some decent ones (no software development cost difference between good questions and bad questions!).

RE: Grand River Transit - kps - 06-18-2017

(06-18-2017, 07:28 AM)Canard Wrote: Or have eyes, to see colours.

Well, your first car did have a colour, whether you could see it or not. (Obligatory Google ad.)

⋮

The US NIST no longer recommends security questions, and specifically forbids questions of that type:

Quote: The CSP SHALL NOT use KBV questions for which the answers do not change regularly over a period of time (e.g., What was your first car?).

RE: Grand River Transit - highlander - 06-18-2017

I didn't know people actually answered these honestly. I just generate a random password as an answer and store it in an encrypted note in my password manager. The actual questions don't matter.

RE: Grand River Transit - danbrotherston - 06-18-2017

(06-18-2017, 01:02 PM)kps Wrote:
(06-18-2017, 07:28 AM)Canard Wrote: Or have eyes, to see colours.

However, one may not necessarily have a first car, especially for transit users.

Quote: The US NIST no longer recommends security questions, and specifically forbids questions of that type:

This is interesting, the suggestion is that questions should change over a period of time. This basically entirely defeats the purpose of the questions, in that one may recall the answers at a later time.

RE: Grand River Transit - danbrotherston - 06-18-2017

(06-18-2017, 03:04 PM)highlander Wrote: I didn't know people actually answered these honestly. I just generate a random password as an answer and store it in an encrypted note in my password manager. The actual questions don't matter.

So, think of the average user, the average user doesn't even know what a password manager is, let alone how to use one. But also, this entirely defeats the purpose of the security questions, the purpose being that in the event you lose your password (for example, if your password manager database is lost), you are able to securely identify yourself another way by knowing this information about yourself independently from your password.

Not that it's a great system anyway, these questions are both guessable and also hard to remember. Security questions should be a relic of the past.

RE: Grand River Transit - panamaniac - 06-18-2017

(06-18-2017, 10:30 PM)danbrotherston Wrote:
(06-18-2017, 03:04 PM)highlander Wrote: I didn't know people actually answered these honestly. I just generate a random password as an answer and store it in an encrypted note in my password manager. The actual questions don't matter.

Leading many to use a single password for all purposes. Terrible practice, but what can they do?

RE: Grand River Transit - danbrotherston - 06-18-2017

(06-18-2017, 10:42 PM)panamaniac Wrote:
(06-18-2017, 10:30 PM)danbrotherston Wrote: So, think of the average user, the average user doesn't even know what a password manager is, let alone how to use one. But also, this entirely defeats the purpose of the security questions, the purpose being that in the event you lose your password (for example, if your password manager database is lost), you are able to securely identify yourself another way by knowing this information about yourself independently from your password.

Well, accept that people will do this and implement better two factor auth systems for starters. We have this discussion with roads, you cannot fix people, our systems should accept that and accommodate our failings instead.

This type of thing would be excusable 10 years ago, but now we have much better options.

RE: Grand River Transit - ijmorlan - 06-19-2017

(06-18-2017, 10:42 PM)panamaniac Wrote:
(06-18-2017, 10:30 PM)danbrotherston Wrote: So, think of the average user, the average user doesn't even know what a password manager is, let alone how to use one. But also, this entirely defeats the purpose of the security questions, the purpose being that in the event you lose your password (for example, if your password manager database is lost), you are able to securely identify yourself another way by knowing this information about yourself independently from your password.

There is a huge and fundamental difference between a single password which is revealed to numerous entities, and storing multiple secure passwords in a single password store that are all unlocked by the same secure password. Note too that the password store password is never sent over the network at all.

My bugaboo is the inability to set a randomly determined password consisting of, say, 8 lowercase letters. Note the “randomly determined”. 8 random lowercase letters give way more password choices than the usual “my dog’s name with a capital letter, digit, and punctuation appended” sort of password choice mechanism, and are way easier to type. Also some sites don’t even allow Safari’s randomly-chosen password, which consists of several blocks of upper- and lower-case letters and digits, combined with dashes.

So the correct way for a password system to work is to allow Safari’s (or your favourite browser) password store to auto-generate its passwords. If a higher level of security is truly needed, issue two-factor tokens. If it’s too expensive to do so, then the higher level of security is not obtainable, full stop. OK, not full stop, I continue to say that it probably isn’t actually needed. Any situation where the higher level is needed probably has enough resources floating around that two-factor is feasible.

A site can also allow Facebook/Google/… logins. That is especially appropriate for relatively low-security situations like a transit agency fare account login. This avoids all the issues associated with storing and updating passwords — essentially you outsource an entire section of the application, and avoid cluttering people’s lives with yet more rarely-used passwords.

RE: Grand River Transit - isUsername - 06-19-2017

Good news! A Google-derived anti-bot system has been added to their security!

RE: Grand River Transit - ijmorlan - 06-19-2017

(06-19-2017, 07:13 PM)isUsername Wrote: Good news! A Google-derived anti-bot system has been added to their security!

Please tell me this post was meant for April 1.

RE: Grand River Transit - Canard - 06-19-2017

LLOLOLOLOLOLOL

RE: Grand River Transit - danbrotherston - 06-21-2017

Anyone else find it ironic that the iXpress 200 takes about 50% longer to go from Conestoga Mall to DTK than the #7 milk-run. Now, yes, the 7 is a much more direct route, but it's also the same time as the #6 which also goes far out of the way.

RE: Grand River Transit - Markster - 06-21-2017

(06-21-2017, 02:34 PM)danbrotherston Wrote: Anyone else find it ironic that the iXpress 200 takes about 50% longer to go from Conestoga Mall to DTK than the #7 milk-run. Now, yes, the 7 is a much more direct route, but it's also the same time as the #6 which also goes far out of the way.

Yeah, the construction detours really killed the 200's schedule. It's always been faster to take the 7C from downtown than the 200, but it's gotten much worse.

Route 6 has always been a bit of a secret. It's not excessively out of the way, and it runs on much faster roads, and makes fewer stops due to fewer passengers. If you're going between downtown and Conestoga mall, it's actually a very sane choice! If it's bad weather, it's almost certainly going to be more reliable than the 7.

RE: Grand River Transit - danbrotherston - 06-21-2017

(06-21-2017, 02:52 PM)Markster Wrote:
(06-21-2017, 02:34 PM)danbrotherston Wrote: Anyone else find it ironic that the iXpress 200 takes about 50% longer to go from Conestoga Mall to DTK than the #7 milk-run. Now, yes, the 7 is a much more direct route, but it's also the same time as the #6 which also goes far out of the way.

Yes, although ironically, a friend of mine says he doesn't like the 6 because it's like a milk run.

RE: Grand River Transit - KevinL - 06-28-2017

So there's been a change to the design of paper schedules (again!) - Last year they changed from having a flush-to-the-corners design to one with a bit more free space, presumably to improve readability, but they still maintained an 'abstracted' map design - a thematic map with just the roads relevant to the route, rectified and straightened, as they've had for the last 5-7 years or so. But now they've started to introduce accurate maps - actual geographically correct route maps, no abstraction allowed.

And the absurd part is, all of these designs are currently in use to some degree or another, depending on the specific route - I pulled these fresh off the rack at Charles Street. Yikes.