I would have expected them to ask me to message them, in order to resolve the issue of not having access to my old email. Instead, they assume that I still have access to it, by simply contacting my email provider!

If I could do that, I wouldn’t have lost access to it, though, would I?

34 points

There is.

2FA. No, not the fucking “we’ll send you an SMS” bullshit that is increasingly used to just highlight an active phone number for spam purposes. Proper TOTP with the code backed up to a proper service (bare minimum, Bitwarden)

Someone can steal your password and even your email account (unless you TOTP that too…). They still can’t get into your account unless you are an idiot who gets tricked into providing the 2FA key.

In a perfect world? Have your TOTP credentials in one encrypted database/Bitwarden account and your passwords in another. In reality? Just use a trusted service. I used to be a big fan of Keepass but protecting that with a yubikey (or similar) is a huge mess.
The recent push for passkeys (?) is a nice-ish middle ground. People don’t need to understand how to paste a TOTP code into Bitwarden but they still need to approve a login. That said, I hate it since so much of it is dependent on a single device that can generally be opened by just applying REDACTED to the screen and doing REDACTED to narrow down the lock code significantly.

6 points

not an SMS

OMFG YEEEEEEESSSSS, I HATE THOSE. I’m not even super duper security focused, I just love the idea that even a bot farm has to guess a code within a 30-second window.

Meanwhile, SMS codes usually expire between ten minutes and an hour, usually half an hour, but that’s if at all.

As much as I hate them they’re better than nothing :/

3 points

I doubt brute force has been used in one of these attacks. The service should detect a bot entering many combinations per second.

The main problem with SMS is that someone could social engineer the mobile operator support to give them a new SIM.

Probably not something you should worry too much about unless you are in any way a target, but still.

1 point

I also said way less than what I was thinking, but you pretty much summarized the other half of what I was thinking, with people being able to get the authenticator, which in this case is the message.

I also just plain don’t like them

Idk why, beyond the reasons I said.

2 points

Quick question, how do you back up a 2FA “code” to Bitwarden? Sounds like a wise thing to do for my current 2FA accounts.

1 point

Really depends on your current tool so RTFM on that.

But when you are activating it in your account? There is a QR code you are supposed to scan. And there is almost always a button like “Having trouble?” or “Show TOTP Key” or whatever. Click that and you get a long alphanumeric string instead. Paste that into the TOTP field for Bitwarden (or Keepass or whatever) and it will generate codes for you.

Once or twice I have had to actually use my phone camera to decode the QR code so that I can manually type in the TOTP code/seed, but I think the last time I did that was in like 2020?

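The two points made above, that a TOTP code is only good for one 30-second step and that the "Show TOTP Key" string behind the QR code is just a base32 seed you can paste into a password manager, are easier to see in working code. The following is an added example, not code from any commenter, Bitwarden or KeePass: it parses the `otpauth://` URI that an enrolment QR code encodes, derives codes from the seed per RFC 6238, and verifies a submitted code within a small step window. `SAMPLE_URI` is a constructed QR payload whose seed is the RFC 6238 reference secret (`12345678901234567890` in ASCII, base32 `GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ`); the issuer and account in it are made up.

```python
"""
TOTP (RFC 6238) end to end: parse the otpauth:// URI from an enrolment QR
code, derive codes from the base32 seed, and verify a code within a window.
Added example; uses only the Python standard library.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample: what a QR decoder returns for a TOTP enrolment code.
# Seed is the RFC 6238 reference secret; issuer/account are hypothetical.
SAMPLE_URI = (
    "otpauth://totp/Example:alice%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
    "&algorithm=SHA1&digits=8&period=30"
)

_ALGOS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_otpauth_uri(uri):
    """Return the TOTP parameters carried by an otpauth://totp/ URI."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("not an otpauth://totp/ URI")
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in q:
        raise ValueError("URI has no secret= parameter")
    # Label is "Issuer:account"; the issuer= query parameter wins if present.
    label = unquote(parts.path.lstrip("/"))
    issuer_from_label, _, account = label.rpartition(":")
    return {
        "secret": q["secret"],
        "issuer": q.get("issuer") or issuer_from_label,
        "account": account,
        "algorithm": q.get("algorithm", "SHA1").upper(),
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }


def decode_seed(secret_b32):
    """Decode the base32 seed, tolerating lowercase, spaces and missing '=' padding,
    all of which appear in the 'Show TOTP Key' strings sites display."""
    s = "".join(secret_b32.split()).upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(seed, counter, digits=6, algorithm="SHA1"):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), _ALGOS[algorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, at, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period)."""
    return hotp(decode_seed(secret_b32), at // period, digits, algorithm)


def verify_totp(secret_b32, submitted, at, window=1, digits=6, period=30, algorithm="SHA1"):
    """Accept the code for the current step and up to `window` steps either side
    (clock skew). Constant-time comparison so the verifier does not leak partial
    matches; an attacker still gets only (2*window+1) valid codes per period."""
    seed = decode_seed(secret_b32)
    step = at // period
    ok = False
    for c in range(step - window, step + window + 1):
        ok |= hmac.compare_digest(hotp(seed, c, digits, algorithm), submitted)
    return ok


def code_from_uri(uri, at=None):
    """Convenience: what an authenticator app shows for this QR payload right now."""
    p = parse_otpauth_uri(uri)
    at = int(time.time()) if at is None else at
    return totp(p["secret"], at, p["digits"], p["period"], p["algorithm"])


if __name__ == "__main__":
    p = parse_otpauth_uri(SAMPLE_URI)
    print(f"{p['issuer']} / {p['account']}: {code_from_uri(SAMPLE_URI)}")
```

The RFC 6238 reference vectors (seed above, SHA1, 8 digits) give `94287082` at T=59, `07081804` at T=1111111109 and `89005924` at T=1234567890, so the implementation can be checked against the RFC before trusting it. A real verifier must also remember the last accepted counter and refuse a replay of the same code within the window; that bookkeeping is omitted here.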
1 point

That said, I hate it since so much of it is dependent on a single device that can generally be opened by just applying REDACTED to the screen and doing REDACTED to narrow down the lock code significantly.

Would that work with my pin which is the equivalent of 40483770487025502574448? Or is a password better?

I think a PIN like that is harder for people to remember, and even getting it from fingerprints is difficult, because you cover a lot of the numbers, giving false information.


Mildly Infuriating

!mildlyinfuriating@lemmy.world
