Post AmOLT1sRxRa5P27ImG by scherzog@mastodon.gamedev.place
(DIR) Post #AmNmtYvIDgyJ1gMZG4 by aeva@mastodon.gamedev.place
2024-09-25T22:27:44Z
0 likes, 1 repeats
I really hate "two factor" auth. Like, cool, I get it, it lets you pretend you can divest responsibility for security and recovery, but also it means dropping my phone too hard could be a life-disrupting event so somehow I don't really feel like this is for my benefit.
(DIR) Post #AmNmtZpIrRm5pOZIYq by aeva@mastodon.gamedev.place
2024-09-25T22:30:20Z
0 likes, 0 repeats
It takes a really special kind of mind to say that tying your ability to access your accounts to a tiny slippery fragile glass object that is designed to break every two years on average so you buy a new one for the benefit of the shareholders is somehow a significant security improvement, but then again maybe this is as close as we'll ever get to a public admission that the bar really is that low.
(DIR) Post #AmNmtaSeV9FZnQyitU by aeva@mastodon.gamedev.place
2024-09-25T22:43:14Z
1 likes, 0 repeats
anyways if someone wants to break into my github account and steal my open sources you've got about an hour give or take to break into my home and somehow steal this printout of recovery codes from the printer tray right next to me without me noticing you before I put it somewhere so safe I'll never find it again
(DIR) Post #AmNmtcVurz38A8WMG8 by aeva@mastodon.gamedev.place
2024-09-25T22:46:30Z
1 likes, 0 repeats
(please do not break into my home. I will make a lot of noise and wave my hands like I'm trying to chase off a bear and my wife will probably brain you with a pipe wrench if you don't leave)
(DIR) Post #AmOLT1sRxRa5P27ImG by scherzog@mastodon.gamedev.place
2024-09-25T23:33:36Z
0 likes, 0 repeats
@aeva I'm slightly sad that I didn't really need 2FA (or even 1FA) during the time when said 2nd factor was commonly encased in a thick layer of silicone, had a tiny 7-segment display as its sole user interface and was about the same size as your house keys. And was usually kept on the same keyring as said house keys.
(DIR) Post #AmOLT2nWXFEcG2osjo by aeva@mastodon.gamedev.place
2024-09-25T23:45:11Z
1 likes, 0 repeats
@scherzog what's cool about my house keys is there's more than one set of them in the whole world, and so if I lose mine I'm not like well fuck I guess I don't have a house now
(DIR) Post #AmOLT3ZNfJW2eTD6Ke by hj@shigusegubu.club
2024-09-26T09:57:07.363492Z
0 likes, 0 repeats
@aeva @scherzog you know you can make backups of OTP keys and have recovery strings as well, right?
(DIR) Post #AmOOkS8prQW9e4mTIm by cautionaryfable@peoplemaking.games
2024-09-25T22:46:28Z
0 likes, 0 repeats
@aeva I won't pretend to know the "real" motivation, but I've seen people advocate for the average person to use app-based 2FA over email 2FA because people have a habit of using the same password for everything and, if that account and their email have the same password, the 2FA is useless.
(DIR) Post #AmOOkSqRFJObpJBIGW by aeva@mastodon.gamedev.place
2024-09-25T22:57:42Z
0 likes, 0 repeats
@cautionaryfable seems like they should be advocating for people to use password managers instead
(DIR) Post #AmOOkTe4Gn5wJEOvce by smn@l3ib.org
2024-09-25T23:08:58Z
1 likes, 0 repeats
@aeva that's exactly it. The current conception of TOTP-based "2FA" is actually just a way to force people to use a (bad) password manager. But even though the UX sucks and the security is worse than a good password, it's still much, much better than a bad password. So I begrudgingly tolerate it. Passkeys could have been a good middle ground but they're being appropriated for vendor lock-in, disguised as a security product. 😑 Password managers it is then.