Lemdro.id

in programmerhumor@lemmy.ml•The OTP you want to use was already used

19 points

1 year ago

Although it’s true that you are increasing the attack surface when compared to locally stored OTP keys, in the context of OTPs, it doesn’t matter. It still is doing it’s job as the second factor of authentication. The password is something you know, and the OTP is something you have (your phone/SIM card).

I would argue it is much worse what 1Password and Bitwarden (and maybe others?) allows the users to do. Which is to have the both the password and the OTP generator inside the same vault. For all intents and purposes this becomes a single factor as both are now something you know (the password to your vault).

report

[ - ]

in selfhosted@lemmy.world•ADMIN, isn't it time to move from lemmy.world?

1 point

1 year ago

Deleted by creator

report

[ - ]

in selfhosted@lemmy.world•ADMIN, isn't it time to move from lemmy.world?

1 point

1 year ago

I think the admin of c/selfhosted is the admin of Lemmy.world

report

[ - ]

5 points

1 year ago

in asklemmy@lemmy.ml•What made you choose your instance?

Made my own for myself and some friends. We couldn’t be bothered creating account on the larger instances and have power tripping admins de-federating instances over trivial issues.

report

[ - ]

in technology@lemmy.ml•What is your internet service plan?

1 point

1 year ago

1000/400 mbps down/up for 40€ /month. Portugal

report

[ - ]

in android@lemdro.id•Better understanding and mitigating the risks of using a phone that no longer receives system updates

9 points

1 year ago

I think those kind of vulnerabilities are pretty rare, though.

Not really… If you go read the security bulletin from google, you will see every month that there are a couple of issues fixed on closed source components https://source.android.com/docs/security/bulletin/2023-07-01

Also vulnerabilities related to kernel code, I highly doubt most ROM “developers” are actually backporting security fixes for that specific device’s kernel branch/source.

report

[ - ]

in android@lemdro.id•Better understanding and mitigating the risks of using a phone that no longer receives system updates

21 points

1 year ago

You can update your phone with custom ROMs, but it won’t update the closed source components of it(device drivers, bootloader, etc…). If a vulnerability is found in one of those components, it’s unlikely that it will get parched

report

[ - ]

in asklemmy@lemmy.ml•What password manager do you recommend?

4 points

1 year ago

I think bitwarden fills all of your requirements.

report

[ - ]

in piracy@lemmy.dbzer0.com•Advanced pirates, whats a tip others might not know?

3 points

1 year ago

If you use over@lemmy.dbzer0.com to link a user, lemmy will instead create a link for the instance you are currently using.

report

[ - ]

4 points

1 year ago

in android@lemdro.id•*Permanently Deleted*

GrapheneOS uses exec spawning by default, but it’s pretty trivial to disable and it does speed things up (at a slight cost to security).

Even with that option disabled the slow down was significant enough. Maybe the mid-range chip used in the Pixel 5 wasn’t helping, but still… Overall the phone felt significantly quicker when switching back to stock.

I think using AOT rather than JIT compiling might be the cause of the slow installs, but I’m not sure (and I’ve not really noticed a problem myself).

That’s it, I remember reading in their forums one of the mods(or devs?) mentioning this.

report