Increase in hacked accounts posting advertising content

Taluntain

Most Frabjous
Staff Member
Joined
Oct 7, 2003
Messages
5,501
Location
Your Mind
then I can't access anything that requires my phone to login
Authy allows you to generate a set of backup codes you can save to your computer to use in such a case. This is a non-issue.

I understand it fine. The point is that notebooks can't be hacked, therefore they do not require the use of a third party to secure your passwords. If you use a separate password for every site, the most you will have to worry about is a single site's servers getting hacked and that one account getting compromised. With 2FA you are creating a weak point in which everything has the capacity to be compromised.
No, you really don't understand 2FA.
 
Joined
Jan 14, 2018
Messages
50,754
Codex Year of the Donut
Authy allows you to generate a set of backup codes you can save to your computer to use in such a case. This is a non-issue.
so instead of having the TOTP inside a password protected database, you have backup codes stored in a plain text file?

I'm confused as to why the phone is superior in this scenario.
 

Taluntain

Most Frabjous
Staff Member
Joined
Oct 7, 2003
Messages
5,501
Location
Your Mind
so instead of having the TOTP inside a password protected database, you have backup codes stored in a plain text file?
Obviously you don't have them stored in an unencrypted place if you want them to be secure, same as with everything else. You can write them down and hide them somewhere too, they're strings of 9 numbers, so easy enough to manage.
 

Ontopoly

Disco Hitler
Joined
Jan 28, 2020
Messages
3,050
Location
Fairy land
Just use a password manager so you don't have to reuse passwords and can pick secure passwords. 2fa is unnecessary unless you like being a faggot
 

lefthandblack

Arcane
Joined
May 5, 2006
Messages
1,287
Location
Domestic Terrorist HQ
yea they can, most passwords people would keep on a notebook would be trivially bruteforceable

I guarantee my 30 character long passwords in keepass are far more secure than anything you write and have to manually type from a notebook
Nah, I just mash random keys and then go back and make sure that the password meets the prerequisites, i.e. number of characters, symbols, etc. So you end up with something like this:

Vb8&hKpEe7f54jll90*!

If they can hack that they can have it.
 
Joined
Jan 14, 2018
Messages
50,754
Codex Year of the Donut
yea they can, most passwords people would keep on a notebook would be trivially bruteforceable

I guarantee my 30 character long passwords in keepass are far more secure than anything you write and have to manually type from a notebook
Nah, I just mash random keys and then go back and make sure that the password meets the prerequisites, i.e. number of characters, symbols, etc. So you end up with something like this:

Vb8&hKpEe7f54jll90*!

If they can hack that they can have it.
"was that an i or a 1 or an l?"
yeah, have fun
 

OSK

Arcane
Patron
Joined
Jan 24, 2007
Messages
8,089
Codex 2012 Codex 2013 Codex 2014 PC RPG Website of the Year, 2015 Codex 2016 - The Age of Grimoire Make the Codex Great Again! Serpent in the Staglands Dead State Divinity: Original Sin Project: Eternity Torment: Tides of Numenera Wasteland 2 Shadorwun: Hong Kong Divinity: Original Sin 2 BattleTech Pillars of Eternity 2: Deadfire
Let me help some people out.

The classic example of 2fa is using an ATM. In order to authenticate yourself at an ATM, you need two factors: a PIN and a bank card. If someone gets your PIN by watching you punch it in over your shoulder, they can't withdraw your money because they need your card. If someone steals your wallet and gets your card, they can't withdraw your money because they need the PIN. They need both things. Having a strong password is only one factor.
 

lefthandblack

Arcane
Joined
May 5, 2006
Messages
1,287
Location
Domestic Terrorist HQ
Let me help some people out.

The classic example of 2fa is using an ATM. In order to authenticate yourself at an ATM, you need two factors: a PIN and a bank card. If someone gets your PIN by watching you punch it in over your shoulder, they can't withdraw your money because they need your card. If someone steals your wallet and gets your card, they can't withdraw your money because they need the PIN. They need both things. Having a strong password is only one factor.
But the second factor requires a second device and if that device is missing, broken etc. you are locked out of ALL of your accounts that are relying on 2FA. All your eggs in one basket.
 

OSK

Arcane
Patron
Joined
Jan 24, 2007
Messages
8,089
Let me help some people out.

The classic example of 2fa is using an ATM. In order to authenticate yourself at an ATM, you need two factors: a PIN and a bank card. If someone gets your PIN by watching you punch it in over your shoulder, they can't withdraw your money because they need your card. If someone steals your wallet and gets your card, they can't withdraw your money because they need the PIN. They need both things. Having a strong password is only one factor.
But the second factor requires a second device and if that device is missing, broken etc. you are locked out of ALL of your accounts that are relying on 2FA. All your eggs in one basket.

You're looking at it backwards. The primary concern of security is to keep unwanted people out, not let wanted people in. It's more preferable to lock out a valid user than it is to let in an invalid user. If you get locked out, either you're shit out of luck or, more likely, you now have to jump through a dozen hoops rather than two to authenticate.
 

lefthandblack

Arcane
Joined
May 5, 2006
Messages
1,287
Location
Domestic Terrorist HQ

You're looking at it backwards. The primary concern of security is to keep unwanted people out, not let wanted people in. It's more preferable to lock out a valid user than it is to let in an invalid user. If you get locked out, either you're shit out of luck or, more likely, you now have to jump through a dozen hoops rather than two to authenticate.
I'll take care of my own security thankyouverymuch. In the unlikely event that one of my handcrafted passwords gets hacked I have lost precisely dick. If I lost a phone holding the keys to all of my accounts I would be very very pissed off at myself for relying on some garbage like 2FA.

My advice is for likeminded people, if they want it it's there; I really don't care either way, it will not affect me regardless.
 

OSK

Arcane
Patron
Joined
Jan 24, 2007
Messages
8,089
I'll take care of my own security thankyouverymuch. In the unlikely event that one of my handcrafted passwords gets hacked I have lost precisely dick. If I lost a phone holding the keys to all of my accounts I would be very very pissed off at myself for relying on some garbage like 2FA.

My advice is for likeminded people, if they want it it's there; I really don't care either way, it will not affect me regardless.

That's your choice, until it's not. Places are increasingly forcing 2fa on people because compromised accounts don't only affect end users. RPG Codex is dealing with the fallout of people not properly securing their accounts, and they might turn around and force 2fa on everyone so they don't have to deal with the spam.
 

Taluntain

Most Frabjous
Staff Member
Joined
Oct 7, 2003
Messages
5,501
Location
Your Mind
But the second factor requires a second device and if that device is missing, broken etc. you are locked out of ALL of your accounts that are relying on 2FA. All your eggs in one basket.
For all the people in this thread who find reading hard, let me repeat: "Authy allows you to generate a set of backup codes you can save to your computer to use in such a case. This is a non-issue."

Unless you're too retarded to store your backup codes in a safe place, you're not locked out of anything if your authentication device is missing, broken or whatever.
 

Semiurge

Cipher
Joined
Apr 11, 2020
Messages
7,372
Location
Asp Hole
Best way would be to offer multiple layers of authentication. The first line of defence would be locking email and password changes behind authentication, without requiring it for every login. When you increase security from that point on, you lose some convenience. I ask again what does the built-in 2FA do when enabled? Is it designed to only work with authenticator apps, or is it email based?
 

Ranselknulf

Arcane
Patron
Joined
Nov 28, 2012
Messages
1,879,900
Location
Best America
PC RPG Website of the Year, 2015 Codex 2016 - The Age of Grimoire Make the Codex Great Again! Grab the Codex by the pussy Insert Title Here RPG Wokedex Strap Yourselves In Codex Year of the Donut Steve gets a Kidney but I don't even get a tag.
Best way would be to offer multiple layers of authentication. The first line of defence would be locking email and password changes behind authentication, without requiring it for every login. When you increase security from that point on, you lose some convenience.

The modern best practices for safety include QR Codes and Biometrics.

I'd advocate for Codex logins to require a QR Code app link to a digital fingerprint reader.

Please value our privacy men, and support my agenda.
 

Chanel Oberlin

Pineapple appreciator
Patron
Joined
Oct 13, 2022
Messages
359
Just change your password daily and use a random generator each time for max safety

Signs_60.jpg
 

Taluntain

Most Frabjous
Staff Member
Joined
Oct 7, 2003
Messages
5,501
Location
Your Mind
Best way would be to offer multiple layers of authentication. The first line of defence would be locking email and password changes behind authentication, without requiring it for every login. When you increase security from that point on, you lose some convenience. I ask again what does the built-in 2FA do when enabled? Is it designed to only work with authenticator apps, or is it email based?
It prompts you for an authentication code once a month and probably at certain other potentially sensitive setting changes/triggers. It does NOT require you to enter a 2FA code every time you access the forums. It works with both e-mail and authentication apps, but e-mail is less secure and at least in my experience, prone to issues (e-mail not arriving, or having to wait for it, etc.). So I heartily recommend apps like Authy over e-mail.

Here's a how-to from another forum.
 
