Increase in hacked accounts posting advertising content

[OSK]

Why does everyone keep pushing Authy?

 

[Taluntain]

It's easy to use, it's free and it works, so why not? I'm sure there are other similar apps if you want to use a different one, but I've never had any reason to use another.

 

[OSK]

It's easy to use, it's free and it works, so why not? I'm sure there are other similar apps if you want to use a different one, but I've never had any reason to use another.

It's closed-source and unnecessarily stores your otp-codes on their servers, so things like this can happen: https://www.pcmag.com/news/twilio-hackers-also-compromised-authy-users

 

[rusty_shackleford]

reminder that would never happen if you just kept your TOTP on your local computer with my method

 

[rusty_shackleford]

Takes a lot longer than 15 seconds just to read your post, which precludes most people here from bothering with it.

You'll end up saving more time from not having to find your phone though.

 

[Taluntain]

It's easy to use, it's free and it works, so why not? I'm sure there are other similar apps if you want to use a different one, but I've never had any reason to use another.

It's closed-source and unnecessarily stores your otp-codes on their servers, so things like this can happen: https://www.pcmag.com/news/twilio-hackers-also-compromised-authy-users

You're free to recommend alternative apps that you feel are more secure. But that usually comes at the cost of ease of use and convenience and isn't really worth it for the average user.

 

[rusty_shackleford]

ease of use and convenience

That's what you're doing by recommending people use a separate computing device altogether.

 

[OSK]

It's easy to use, it's free and it works, so why not? I'm sure there are other similar apps if you want to use a different one, but I've never had any reason to use another.

It's closed-source and unnecessarily stores your otp-codes on their servers, so things like this can happen: https://www.pcmag.com/news/twilio-hackers-also-compromised-authy-users

You're free to recommend alternative apps that you feel are more secure. But that usually comes at the cost of ease of use and convenience and isn't really worth it for the average user.

Rusty's suggestion is 100% valid, but I get why some people would be turned off. An alternative would be Aegis (https://getaegis.app/). It's open-source and your codes are stored and encrypted on your local device.

 

[Taluntain]

ease of use and convenience

That's what you're doing by recommending people use a separate computing device altogether.

This might come as a shock to you, but the majority of people today are never separated from their mobile. And they also access websites and apps outside of their man cave, on the move, so having an auth app on their desktop when they need it outside of their home wouldn't be very helpful.

 

[Hirato]

Greetings {UserName},

I am writing to you from the safety of my vault, as I ponder what may change the nature of a man.
I had prepared well in excess of 10 years of food, but the SirTech brothers have conspired against me and deprived me of my can opener.
As such, I am unable to sustain myself on the canned baby meat, and must persist with only the 150 days of other nourishment..
However, this stock is starting to run out and I require your immediate assistance to secure a new can opener.
You will remunerated fairly, so it is with all haste and secrecy that I bid to ascertain the authenticity of your account with a small transfer of $5,000.

Regards,
Your hyperborean neanderthal,
Cleveland Mark Blakemore

 

[rusty_shackleford]

ease of use and convenience

That's what you're doing by recommending people use a separate computing device altogether.

This might come as a shock to you, but the majority of people today are never separated from their mobile. And they also access websites and apps outside of their man cave, on the move, so having an auth app on their desktop when they need it outside of their home wouldn't be very helpful.

the average codexer thinks the government's 5g waves are a form of mass mindcontrol

do you still hold the same stance on this topic as you held before reading that statement?

 

[Taluntain]

Uhh... let's say that I was referring to the saner segment of Codexia.

 

[Crispy]

I also believe there's a distinct advantage to using a physically separate device for authentication than the one you're protecting. Your Codex account may be no big deal, but, for other, more important things, such as maybe checking your bank account using your phone or other things that, you know, modern people seem to do nowadays, just using the same device for two-factor authentication seems rather stupid, doesn't it?

 

[rusty_shackleford]

I also believe there's a distinct advantage to using a physically separate device for authentication than the one you're protecting. Your Codex account may be no big deal, but, for other, more important things, such as maybe checking your bank account using your phone or other things that, you know, modern people seem to do nowadays, just using the same device for two-factor authentication seems rather stupid, doesn't it?

which are you more likely to lose or have someone else get access to:

your desktop computer
OR
your phone

?

 

[Crispy]

Which is more likely to happen:

you lose your phone
OR
you lose your computer
OR
you lose both simultaneously, both somehow winding up in the same person's hands

?

 

[rusty_shackleford]

Which is more likely to happen:

you lose your phone
OR
you lose your computer
OR
you lose both simultaneously, both somehow winding up in the same person's hands

?

losing my phone

then I can't access anything that requires my phone to login

 

[Crispy]

Yes, but because you were using two separate devices (true 2FA), your accounts are protected!

 

[rusty_shackleford]

Yes, but because you were using two separate devises (true 2FA), your accounts are protected!

but if I just used my desktop then I'd be able to access my accounts


how often do you think the average person loses a desktop computer?

 

[Crispy]

How many people do you think access Codex from a laptop rather than a desktop computer, rusty?

The entire point I'm trying to make is that, just like with backup, using the same device for protection can be unwise. Authy offers excellent 2FA protection, it's typically going to be on a physically separate device, and it's extremely easy to use.

However, acknowledging your point, any 2FA is better than none.

 

[rusty_shackleford]

https://chipolo.net/en-us/blogs/lost-and-missing-items-what-we-lose-the-most-and-where-we-lose-it

Uber's latest Lost & Found report revealed that in the US, the top-10 items most frequently left behind in Ubers are:

1. Phone

2. Camera

3. Wallet

4. Keys

5. Purse / Backpack

6. Clothing

7. Glasses

8. Headphones

9. Vape / E-cig

10. ID / License

 

[lefthandblack]

Here's an idea faggots: They make this shit called paper and they make this other shit called pens. You can use a pen to write shit on paper. The even make things called notebooks which are just many sheets of paper bound together. You can write your passwords in your notebook and store it somewhere safe so that you can refer to it if you ever forget your password.

Modern technology! What will they think of next!

 

[rusty_shackleford]

Here's an idea faggots: They make this shit called paper and they make this other shit called pens. You can use a pen to write shit on paper. The even make things called notebooks which are just many sheets of paper bound together. You can write your passwords in your notebook and store it somewhere safe so that you can refer to it if you ever forget your password.

Modern technology! What will they think of next!

you don't understand 2FA

 

[lefthandblack]

Modern technology! What will they think of next!

you don't understand 2FA

I understand it fine. The point is that notebooks can't be hacked therefore do not require the use of a third party to secure your passwords. If you use a separate password for every site the most you will have to worry about is a single sites servers getting hacked and that one account getting compomised. With 2fa you are creating a weak point in which everything has the capacity to be compromised.

Don't put all your eggs in one basket.

 

[OSK]

Modern technology! What will they think of next!

you don't understand 2FA

I understand it fine. The point is that notebooks can't be hacked therefore do not require the use of a third party to secure your passwords. If you use a separate password for every site the most you will have to worry about is a single sites servers getting hacked and that one account getting compomised. With 2fa you are creating a weak point in which everything has the capacity to be compromised.

Don't put all your eggs in one basket.

you don't understand 2FA

 

[rusty_shackleford]

The point is that notebooks can't be hacked

yea they can, most passwords people would keep on a notebook would be trivially bruteforceable

I guarantee my 30 character long passwords in keepass are far more secure than anything you write and have to manually type from a notebook