PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

[King Crispy]

That is no longer true.

FUCK YOU, NIGGER.

Hmm, seems okay to me.

 

[King Crispy]

Why do you have such a hardon for 2FA anyway?

You don't even know what you don't know.

For all you latecoming knuckleheads like Lady ERROR here, I had nothing to do with the decision to force 2FA, it was Taluntain's call. You know, the guy who literally owns the website?

However, I actually agree with his decision and I'm laughing at all the butthurt it's causing.

P.S.: Just out of curiosity, was it Infinitron or was it Taluntain who changed the thread title?

 

[The_Mask]

FUCK YOU, NIGGER.

Hmm, seems okay to me.

I meant to say that this is no longer the only forum that allows this amount of freedom of speech. There is competition now.

 

[King Crispy]

Ah, I see:

Taluntain

Thread title edited from 'PUBLIC SERVICE ANNOUNCEMENT: The importance of using two-step verification'

Today at 9:25 AM

It's amazing how I always take the blame for everything around here.

 

[Hirato]

I try to actively avoid 2FA.
I use long complicated passwords, and no one is going to guess them.
Which is to say, if I get pwned, it's going to be through means that invalidate any barriers afforded by 2FA.
I genuinely think the only reason I've not been pwned ever, is because I adblock the shit out of the web.

A very common bit of malware going around right now poses as legit software downloads, and even gets promoted as the first result (as an ad) on many google searches.
So if you googled something like 'obs download', the first result will be some ad that looks like a legit OBS download, and the page is completely spoofed.
And if you download the package there, you in fact do get OBS with it, but it also deploys its malware payload before it launches the original OBS installer.

This specific malware then collects everything it can, chief among them your browser's session tokens, which allows a bad actor to take over all your accounts without having to bother with 2FA or even passwords.
Many people have been screwed like this, and it's why there is such a massive proliferation of crypto scams, even on people that have bought into 2FA 'protections'.

 

[Lady Error]

I had nothing to do with the decision to force 2FA, it was Taluntain's call.

Nobody said that you are responsible for it. The question was why you are such a cheerleader for this 2FA nonsense.

 

[King Crispy]

Many people have been screwed like this

And those people are probably all 65+ years old.

 

[King Crispy]

The question was why you are such a cheerleader for this 2FA nonsense.

Interesting re-wording on your part but I'll answer nonetheless:

Because 2FA is easy to use (in my opinion), it's secure (in my opinion), it's going to prevent this kind of shit show from happening again (in my opinion) and Satan himself isn't sitting there waiting to capture my soul by enabling the use of a simple app or just a secondary email to allow me to sit here and spam useless shit on an obscure computer roleplaying game website all day (in my opinion).

Anyone making a big deal out of this is the same kind of person who will refuse to attend a public sporting event because of the agreement they enter into that's printed on the back of their ticket.

NO WAY, BRO. I'M NOT AGREEING TO THIS.

 

[OSK]

A very common bit of malware going around right now poses as legit software downloads, and even gets promoted as the first result (as an ad) on many google searches.
So if you googled something like 'obs download', the first result will be some ad that looks like a legit OBS download, and the page is completely spoofed.
And if you download the package there, you in fact do get OBS with it, but it also deploys its malware payload before it launches the original OBS installer.

This specific malware then collects everything it can, chief among them your browser's session tokens, which allows a bad actor to take over all your accounts without having to bother with 2FA or even passwords.
Many people have been screwed like this, and it's why there is such a massive proliferation of crypto scams, even on people that have bought into 2FA 'protections'.

Windows users, lol.

 

[racofer]

No other forum requires 2FA

No other forum allows you to say FUCK YOU, NIGGER and get away with it, does it?

Checkmate.

 

[PorkyThePaladin]

King Crispy is a retard, nothing new.

This clown show has already started. After enabling 2-factor authentication a couple of hours back, I was just randomly logged out of Codex and made to 2FA AGAIN. Seems like Crispy was bored and they just did this for the lulz.

 

[pqt]

I don't even use 2FA on my bank account why the fuck this forums force me to use it.

 

[EccentricLecher]

Many people have been screwed like this

And those people are probably all 65+ years old.

The question was why you are such a cheerleader for this 2FA nonsense.

Interesting re-wording on your part but I'll answer nonetheless:

Because 2FA is easy to use (in my opinion), it's secure (in my opinion), it's going to prevent this kind of shit show from happening again (in my opinion) and Satan himself isn't sitting there waiting to capture my soul by enabling the use of a simple app or just a secondary email to allow me to sit here and spam useless shit on an obscure computer roleplaying game website all day (in my opinion).

Anyone making a big deal out of this is the same kind of person who will refuse to attend a public sporting event because of the agreement they enter into that's printed on the back of their ticket.

NO WAY, BRO. I'M NOT AGREEING TO THIS.

So you're acknowledging that the 2FA is pointless here and nothing but a trivial inconvenience. If someone's password on this site gets compromised, the likelihood is that everything else is compromised on whatever device they used, including their 2FA email. Anyone with a brain can see it. Only way to get around that is to have a secure phone connect. But then again, having your phone connected to a website that takes one minute to make an account and at most a few days to get around the janny moderation period is pretty retarded and such a person who does that is dumb enough to get that phone compromised too. This whole thing seems like a glownigger datamining op to connect people's phones to their shitposting history so that they can instantly dump their social credit score when the globohomo social credit score system is implemented in most user's countries without having to go through the IPs. Very likely funded by Rusty Shackleford (it's ironic that a glownigger names themselves that) much like the lgbbbqhq redirect campaign.

 

[Roguey]

No other forum requires 2FA and it damages the forum by forcing people to jump through this hoop.

This cannot seriously be more than a temporary measure, DarkUnderlord. Don't really see much lulz coming from this either.

A few months ago DU made it clear that he would have no problem if this forum became a place where only a few posts a week were made. In fact, that may be his desired goal.

 

[BING XI LAO]

how CruduxCruo feels right now:

 

[ItsChon]

I think I have a solution. Taluntain Would it be possible to make it so the only people who can edit posts are the ones with 2FA enabled? That way we get to preserve our right to delete posts, and if someone chooses to have an unsecure account, they won't have the ability to delete their posts and this will prevent shit like this from happening. If someone ends up getting hacked and all their posts edited, then that will be their fault and the administration won't have any responsibility to fix the edited posts.

 

[King Crispy]

So you're acknowledging that the 2FA is pointless here and nothing but a trivial inconvenience.

I'm acknowledging that I personally may not have enforced its use, but I can certainly understand from the administration's point of view that by doing so we're saving ourselves hours of cleanup work.

Edit: Let me correct this. Until (and only until) Twiglard discovered and made use of the PAID add-on to Xenforo that Taluntain splurged on there would have been hours of cleanup work. Actually, I think the problem was so bad that certain threads such as the Ukraine one would never have been able to be made whole again. However, as it is, after utilizing that paid add-on, it only took Twiglard a few minutes to undelete everything. Just wanted to make that clear.

If someone's password on this site gets compromised, the likelihood is that everything else is compromised on whatever device they used, including their 2FA email.

Care to explain how?

Only way to get around that is to have a secure phone connect.

It's only one solution. You have your choice of apps to use or you can use an alternate email address.

such a person who does that is dumb enough to get that phone compromised too

I suppose you're right but if their phone is getting compromised somehow then they've got a lot more problems than having their RPG Codex posts deleted.

This whole thing seems like a glownigger datamining op to connect people's phones to their shitposting history

Okay, you caught us. I guess it's time to shut it down. Shut it down now.

 

[EccentricLecher]

So you're acknowledging that the 2FA is pointless here and nothing but a trivial inconvenience.

I'm acknowledging that I personally may not have enforced its use, but I can certainly understand from the administration's point of view that by doing so we're saving ourselves hours of cleanup work.

"hours" is an overstatement. Your moderation tools can't be that complex. Probably more like minutes.

If someone's password on this site gets compromised, the likelihood is that everything else is compromised on whatever device they used, including their 2FA email.

Care to explain how?

Keyloggers are some of the most common ways accounts are compromised. If your codex password is compromised via a keylogger, the email password is probably also compromised.

 

[King Crispy]

Probably more like minutes.

See my edit above.

Keyloggers are some of the most common ways accounts are compromised. If your codex password is compromised via a keylogger, the email password is probably also compromised.

Keyloggers aren't going to affect your cell phone.

 

[OSK]

I think you need something stronger than 2FA for Windows users. Maybe force them to sign in with their Microsoft account too?

 

[King Crispy]

Has anyone ever told you you're like a broken record?

 

[OSK]

Has anyone ever told you you're like a broken record?

Oops, I forgot you're a Loonix user.

 

[EccentricLecher]

Probably more like minutes.

See my edit above.

It's kinda hard to check up on edits while having to delete cookies to avoid the redirect. I really wish it would be turned off so I didn't have to do that just to browse the forum while being logged on. However,

Edit: Let me correct this. Until (and only until) Twiglard discovered and made use of the PAID add-on to Xenforo that Taluntain splurged on there would have been hours of cleanup work. Actually, I think the problem was so bad that certain threads such as the Ukraine one would never have been able to be made whole again. However, as it is, after utilizing that paid add-on, it only took Twiglard a few minutes to undelete everything. Just wanted to make that clear.

Nothing of value would have been lost. You can find bear v. pig webms that sum up some of the battles. So it's not like you need an actual thread for it.



"Would have been." Well you prevented the problem with an add-on. So why do we need to do 2FA? Just get smarter admins.

Keyloggers are some of the most common ways accounts are compromised. If your codex password is compromised via a keylogger, the email password is probably also compromised.

Keyloggers aren't going to affect your cell phone.

Unless you get a keylogger on your phone.

 

[gaussgunner]

such a person who does that is dumb enough to get that phone compromised too

I suppose you're right but if their phone is getting compromised somehow then they've got a lot more problems than having their RPG Codex posts deleted.

All phones are compromised.

 

[King Crispy]

I will just remind everyone that none of this would have happened (requiring 2FA to log in) had it not been for the actions of likely a single user who was so butthurt over the content or direction or even existence of one thread in our off-topic section that they decided to breach the accounts of several of the people who also participated in that thread and chose the one way to grief this site -- mass deleting posts, breaking multiple thread continuity -- that forced the administration to take action.

You can take issue with the severity of said action but to blame the administration for the incident in the first place is weapons-grade retardation.