Two factor authentication related to RM, FamilySearch & Ancestry

This is probably slightly off topic – But, one of the threads I read yesterday made reference to a breach at 23 & me that led to all these changes being made by the developers of RM, FamilySearch, Ancestry, etc. If it were the harvesting of passwords that was the offending issue, that seems relatively minor. For years the password “family” was suggested to me as easy to use for at least 2 of the well known genealogy sites. Most sites do not publish the details of living people. General information on living people is widely available online. So, why is there so much concern for security details for a chosen recreational endeavor. I expect strong security for my financial dealings, but why for genealogy? Is it related to the expansion of DNA and genealogy?

Can someone in development explain the reasoning behind these changes that are making it more difficult to do genealogy research? Do we expect more large changes in the next year or two in the way RM, FamilySearch, Ancestry and others interact. If so, should we be expecting closer to yearly upgrades to RM similar the time from from RM8 to RM9?

I truly doubt that development is going to give you much of an answer. This whole authentication thing was not their issue but an issue brought about by Ancestry and others. The RM developers simply have to react to forced changes by these sites because if they don’t, can you imagine the carping and whinging that would take place if people were not able to connect to the sites via RM? It would be the absolute end of the world for some of them.

As for why the security changes came about, and why it should matter…Many people do have information on these sites that they probably wish to remain private. If the sites didn’t see an issue with it, then they really wouldn’t require a password from you. If you have no such issues, then by all means, keep using ‘family’ for your password. Personally, I am a bit gobsmacked that you seem to find this is making your research so much more difficult. We are talking about what? 30 seconds of your time?

My post had little to do with my choice of passwords, just a means to point out that Ancestry and other sites were not concerned about strong passwords until some breatches that caused difficulty, like possible lawsuits. Corporate issues resulted in the various businesses apparently taking a DEFENSIVE approach, making it more difficult in some ways to process what is online. Taking it further, we researchers should probably use common sense about what we post online rather than worrying about a business keeping our personal information private.

Several RM users posting on this forum are concerned about the frequent upgrades of the program, some of which are centered around the ability to upload, download, and compare databases between their own computer, what is found on Ancestry, what is found on FamilySearch, and probably others as time goes on.

The problem is that there are some monumental errors in all shared databases, and they just keep being perpetuated with this approach. In my opinion this uploading and downloading of large numbers of individuals in a database and adjusting programs such as RM to perpetuate it is a big NEGATIVE to good research. One can use these databases in a much more nuanced manner. The point of getting one’s research correct is to go ONE PERSON AT A TIME from what you don’t know to new facts. So although a lot of us like to look at information in shared databases, acquiring it in mass may be detrimental to accuracy.

Personally i would like to see corporate entities develop better search engines to research individual people. And most of us would do better if we could evaluate individual facts in context. That is what I tried to get at the process in my previous post. Why does need to access Ancestry through RM other than WEBHINTS (I love these) that can be checked out one by one. From many versions back FO and RM supported an individual approach by allowing separate sourcing for individual facts. Many other early programs did not allow individual fact sourcing. The webhints support Bruce’s focus on individual fact sourcing.

Perhaps it is an issue of money that Bruce has chosen to go the route towards Ancestry. I was a charter member of Ancestry and generally supportive of it, but perhaps this cooperative endeavor does not serve RM and RM’s loyal users very well. I still would be interested in the perspective of the management team, and if we should expect frequent RM updates based on Ancestry’s approach.

@mscheffler Not sure why would need 2 step verification as it’s a free site and no DNA BUT ANCESTRY is a whole different situation— main reasons for 2 step verification is DNA and of course because most people have a credit card linked to their accounts-- there are also people who use the same user name/ email and password on a site like Ancestry and on their credit card website log ins etc…

You also have to realize that Ancestry took over ROOTSWEB in 2000-- abt 2017, there was a major data breach at that resulted in approximately 300,000 email and password combinations being leaked.— Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, they found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers,” --seems like as I recall Rootsweb was off-line for at least a year trying to make the site more secure…

So as far as Ancestry is concerned, they’ve already experience a major data breach and know what it took to secure the site, ( can you imagine Ancestry being offline for a year??)-- so I think both companies are being pro-active abt the issue…

I would think that the administrators of a site like FamilySearch would want to assure that the person using the site is the same as the person who logged in.
The logged in user’s ID is saved in audit and change logs.
The admins would want to ban users who vandalize the tree.

The issue with 23andMe was a great feature they had, and is now turned off. That feature is the ability to share DNA details among DNA matched people and the ability to download a summary file of the shared data. People you matched with received, with your permission, somewhat private data. Those people betrayed the first person’s trust by making their accounts so vulnerable.

1 Like

I may be wrong, BUT reading what MOST people on here have posted, they are verifying the new info that they find on Ancestry etc, add it to the on-line database and then using tree share to update their RM files ( unless they just download a whole new file)-- they are NOT just accepting any and all facts…

I tried treeshare and personally I find it much faster and easier to just copy any new info I find on any site and manually add it to my file rather than accepting 2000+ changes one at a time–BUT that is my opinion…

Personally-- Ancestry offering Bruce and RM the ability to synch your tree with Ancestry would be like you and I winning the lottery–as far as I know only RM and FTM have this ability–and that is major-- as kfunk said there would be a lot of carping and whining that would take place if people were not able to connect to the sites via RM? It would be the absolute end of the world for some of them…

As for updates, there will always be updates-- as for a major upgrade ( like going from RM 8 to RM9) that would depend on what the changes were and if it could be easily incorporated into RM 9–and there is no way that the management team would know until it happens…

You have about as much chance of that happening as I do in winning the lottery tomorrow night. I really don’t know why you now expect the updates to increase to keep p[ace with Ancestry. This has only happened on a few occasions, and as should be apparent, Bruce knew about the pending changes well in advance in order to get his product fixed to meet the new login requirements.

Sourcing individual facts has been around in multiple software since long before Ancestry dreamed up WebHints, even in the many apps that Ancestry has not granted access to their API. I suspect if WebHints went away tomorrow, the various apps wouldn’t change.

Yes, there are many errors in other people’s trees. As has been said so many times, stop getting hung up on people’s trees and use the sites for the original records that they provide. Unfortunately there are a lot of stupid and lazy people who Hoover up data from trees then act rather shocked if someone ever tells them it is wrong. As my wife says, you can’t fix stupid.

Why don’t said entities just do your “research” for you? The point of research, regardless of the field, is to gather your facts and examine them in context. In the specific case of genealogy, once you have gathered and extracted the context, then, and only then, should it be entered into Rootsmagic or whatever other chosen product you use.

I don’t think even Webhints are neccessary in RM. You can go look at the hints on Ancestry as well as whatever hints FamilySearch offers.

You have already tried that argument in previous posts. It still makes as little sense as it did the last time. That particular argument can be used for anything online, from accessing your banking and credit cards to subscribing to your favorite magazine that now is online only because people don’t buy paper anymore. If you want the convenience of doing stuff online, then you need to realize that some times personal information is needed or is even inadvertently entered. Many companies are trying to protect that data because it is very costly to them when they have breaches, both in lost and future well as the time to track down and patch vulnerabilities.

A bunch of people did complain at the short turnaround between RM8 and RM9 but we all know why that happened. RM8 sucked badly and maybe Bruce did not play that quite as smart as he should have, however RM9 has now been out for what? A year? Even if a new version was released tomorrow, I don’t see that as a frequent upgrade. Other than the Ancestry changeover, people are quite free to not upgrade if they have something working. I still use RM7 because I don’t really need WebHints and I only TreeShare maybe twice a year and I could just upload a GEDCOM file if I had to. So for now, I see no reason to upgrade to a version that I find cartoonish and badly designed from a UI standpoint.

1 Like

The need for tighter security in my opinion for both Ancestry and FamilySearch logins is unique to the type of data they hold. Both have living people information only accessed through an individual login. Many don’t care about your trees. It’s the living they are after. Some countries have more costly fines and penalties for exposing data on living people. Ancestry additionally has DNA information on those living individuals it needs to protect. FamilySearch has protected groups only certain logins have access to, along with temple ordinance statuses. If stronger security is needed than OAuth technology provides, then RM will release updates to support them in whatever version is current at the time.

1 Like