Post AyhYLHXFgXVehzRF2m by Zergling_man@sacred.harpy.faith
Post #AyhVUPfEX45YfApm1Q by pawsplay@dice.camp
2025-09-29T13:02:58Z
0 likes, 0 repeats
2FA isn't notably safer for you, but it does more closely tie your identity to your accounts and transactions, making you easier to surveil.
Post #AyhVUQh2hp87r4gjTs by cy@fedicy.us.to
2025-09-29T14:10:55Z
0 likes, 0 repeats
Obligatory mention that public key authentication is 2FA and safer for you and doesn't make you easier to surveil.
Post #AyhVURX9a4oWSh4Lho by Zergling_man@sacred.harpy.faith
2025-09-29T14:13:51.834003Z
0 likes, 0 repeats
@cy @pawsplay Technically incorrect: 2FA is literally just using two different forms of authentication. Public key auth is only one factor.

The rest of it is correct, but you significantly understate just how much public key auth kicks the everloving shit out of every other auth method, even in-person facial recognition (like, speaking to the teller); even combining every auth system we have (except maybe fingerprint/eyeprint/whatever) still isn't as secure as public key auth.
Post #AyhWIzyTnyq9kzxQPI by cy@fedicy.us.to
2025-09-29T14:21:38Z
1 likes, 0 repeats
2FA is 2 different factors of authentication, the 3 factors being:

1. something you know
2. something you have
3. something you are

More factors might not make you more secure at all, and the whole thing feels like an excuse to require retina scans, but whether or not 2FA is a good idea, the surveillance ghouls claim that their slimy phishing is 2FA, because it satisfies factors 1 (your password) and 2 (your phone).

Public key authentication also satisfies factors 1 and 2 though.

1. something you know (the password encrypting your private key)
2. something you have (your private key)

Public key authentication even qualifies as 3FA, if "what you have" is not a private key, but must be fed into a keygen along with your biometric data in order to get your private key. And all without giving away your privacy to some fascist data miners.

CC: @pawsplay@dice.camp
Post #AyhWVfaCvoS6HKe8hM by Zergling_man@sacred.harpy.faith
2025-09-29T14:25:20.914127Z
0 likes, 0 repeats
@cy @pawsplay This doesn't generate a notification somehow.

> 1. something you know (the password encrypting your private key)

You don't prove that to the remote though, only to yourself. Same for everything else in it. You can include biometric data/password as part of the challenge if you want, but not really worth it.

I don't even put passwords on my private keys.
Post #AyhY8qXGFCOzUkVrW4 by cy@fedicy.us.to
2025-09-29T14:35:09Z
1 likes, 0 repeats
The remote doesn't need that proven, because nobody without my password is going to be able to get my private key, so they're just as secure as if they checked my password, with the additional benefit that anyone breaking in won't get 10 million users' passwords, and anyone guessing someone's password won't be able to break in.

And yeah I don't bother with passwords either, unless getting compromised would cause actual harm somewhere, and unless my private key is at risk of getting nabbed.

(...or DO I?)

CC: @pawsplay@dice.camp
Post #AyhYLHXFgXVehzRF2m by Zergling_man@sacred.harpy.faith
2025-09-29T14:45:54.949082Z
0 likes, 0 repeats
@cy @pawsplay Right, but that's my point as to why it's not really two factors; it's entirely dependent on your own internal configuration.... Eh, ok, fair point.
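The challenge-response exchange the thread is arguing about, as an added example in Go (not code from any of the posters): the server keeps only public keys plus a per-user nonce, the client signs the nonce, and nothing about a passphrase on the private key ever reaches the server, which is Zergling_man's point; the absence of any password table for an intruder to dump is cy's. The names Server, Challenge, Verify and ClientSign are my own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Server stores only public keys: there is no password or passphrase on the
// server side, so a dump of this table gives an attacker nothing to log in with.
type Server struct {
	pubkeys map[string]ed25519.PublicKey
	nonces  map[string][]byte // one outstanding challenge per user
}

func NewServer() *Server {
	return &Server{pubkeys: map[string]ed25519.PublicKey{}, nonces: map[string][]byte{}}
}

func (s *Server) Register(user string, pk ed25519.PublicKey) { s.pubkeys[user] = pk }

// Challenge hands the client a fresh random nonce to sign.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.pubkeys[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.nonces[user] = nonce
	return nonce, nil
}

// Verify accepts the login iff the signature over the outstanding nonce checks
// under the registered public key. Whether the private key sat encrypted under a
// passphrase on the client is invisible here: only possession of the key is proven.
func (s *Server) Verify(user string, sig []byte) bool {
	nonce, ok := s.nonces[user]
	if !ok {
		return false
	}
	delete(s.nonces, user) // single use, so a captured signature cannot be replayed
	return ed25519.Verify(s.pubkeys[user], nonce, sig)
}

// ClientSign is the client's whole contribution: the private key never leaves it.
func ClientSign(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, nonce)
}
```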