PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

[Silverfish]

For a heavy autistic based forum, you people are computer illiterate as fuck, damn.

Technology peaked during 1996 and you can't change my mind.

 

[Skinwalker]

I wrote a guide to help you guys setup 2FA without a phone, happy to help as always!
https://rpghq.org/forums/viewtopic....-a-phone-rusty-s-recommended-password-manager

Who asked?

 

[EccentricLecher]

I wrote a guide to help you guys setup 2FA without a phone, happy to help as always!
https://rpghq.org/forums/viewtopic....-a-phone-rusty-s-recommended-password-manager

So this new 2FA policy really is a glownigger gay op.

 

[Tacgnol]

I wrote a guide to help you guys setup 2FA without a phone, happy to help as always!
https://rpghq.org/forums/viewtopic....-a-phone-rusty-s-recommended-password-manager

So this new 2FA policy really is a glownigger gay op.

Well, that answers the question of why this guy got redirected to the HQ.

Edit: For the uninitiated
https://rpgcodex.net/forums/threads/what-is-this-rpghq-redirect-for.147234/

 

[Taluntain]

This might be a SHOCKING REVELATION but deleting posts is not supposed to fuck up threads.

Let's see here, option 1: fix whatever is wrong with Xenforo, name and shame the retard who got hacked.

Deleting a few posts doesn't mess anything up. Deleting thousands does. The XF devs are aware of the problem but in no rush to fix it because basically "you shouldn't do that anyway". Yeah.

it's a good thing we moved to xenforo 2 to avoid forum-breaking bugs and glitches!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The bag of bugs is actually a bag of holding with an infinite supply.

 

[gaussgunner]

I will just remind everyone that none of this would have happened (requiring 2FA to log in) had it not been for the actions of likely a single user who was so butthurt over the content or direction or even existence of one thread in our off-topic section that they decided to breach the accounts of several of the people who also participated in that thread and chose the one way to grief this site -- mass deleting posts, breaking multiple thread continuity

I blame Xenforo.

 

[Saduj]

I'm one of the older posters here and don't really understand this 2FA stuff but I also don't want to get in any trouble. Is this the thread where I'm supposed to post my SSN?

 

[Melcar]

You guys have SSNs?

 

[PorkyThePaladin]

Crispy's SSN is 000-00-0001.

 

[Crispy]

You sure mention me a lot.

 

[PorkyThePaladin]

You did start this shitshow.

Though my working theory is that DU on hearing about this went on vacation and commanded you to be the lightning rod, on account of your already sizeable "popularity" here.

 

[Crispy]

No, you're just clearly obsessed with me. It's okay; lots of other people here are.

Have you ever tried not being gay?

 

[PorkyThePaladin]

Whatever you need to tell yourself to be able to sleep at night after turning a bastion of RPG free speech into 1984.

 

[fantadomat]

Soooo some fagz got drunk and ended up deleting a few of their posts,next day they noticed what they did and decided to say that they got hacked. LoL that is like a twatter meme lol

 

[gaussgunner]

The backup codes are only meant for BACKUP purposes, i.e. if you lose your primary access. They are not meant for normal use.

You can regenerate backup codes when you run out. That might be the easiest solution.

 

[darkpatriot]

Having to do the two factor authentication every time I close the browser window and open it again is a bit tedious.

 

[Taluntain]

You don't, you're either blocking cookies or using some addon or something else interfering with normal retention of the authentication for 30 days, as explained several times on the previous pages.

 

[darkpatriot]

You don't, you're either blocking cookies or using some addon or something else interfering with normal retention of the authentication for 30 days, as explained several times on the previous pages.

I clear all cookies and cached data automatically every time I close the browser. Because privacy and security are important.

 

[Taluntain]

Don't complain about things not working properly then, cookies have legitimate uses as well.

 

[Hirato]

It's been 24 hours, and I've had to enter another 2FA code to access the forum today.
Did you guys fuck with the settings, or is the checked by default 'Trust device for 30 days' thing just buggy?

I can see a cdx_tfa_trust cookie that's not supposed to expire until July 19th (that's a bit more than 30 days, but whatever), which I assume has to do with 2fa, but that doesn't appear to be blocked by anything.

 

[Zarniwoop]

For the retards in this thread who got it into their heads that the Codex wants to harvest their precious phone numbers for nefarious purposes: we don't get access to your phone number or any other info you use to set up 2FA. Not that the conspiracy theorists here will believe me, but still just spelling this out for the rest of the crowd.

Harvesting phone numbers isn't the problem, the problem is that it's incredibly annoying to use and the Codex isn't exactly a bank.

Luckily there is email verification as well and I am using that one. I am not giving my phone number to anyone I do not need to.

You don't need to give your phone number to anyone.

It's just annoying as fuck if you use more than 1 device to browse the dex because you have to keep entering the goddamn codes. Which in the current year, almost everyone does.

 

[Zarniwoop]

It's been 24 hours, and I've had to enter another 2FA code to access the forum today.
Did you guys fuck with the settings, or is the checked by default 'Trust device for 30 days' thing just buggy?

I can see a cdx_tfa_trust cookie that's not supposed to expire until July 19th (that's a bit more than 30 days, but whatever), which I assume has to do with 2fa, but that doesn't appear to be blocked by anything.

30 days lol.

It's never worked.

As someone mentioned already, it took YEARS to switch to https, but one loser gets hacked and instantly everyone gets the most annoying shit imagineable.

Just by this suspicious behavior alone, I have to wonder who exactly got hacked? Really gets the noggin joggin'.

 

[Blaine]

Don't complain about things not working properly then, cookies have legitimate uses as well.

Anyone with half a brain in this day and age runs a non-spyware ad blocker and Greasemonkey at a bare minimum in every browser.

I wasn't going to weigh in on this 2FA move until I had to authenticate for the third time today, just now; and that might be because I first checked the Codex on my laptop personal computer, then on my cellular telephone while I was at a barbecue this evening, and now I'm on my laptop personal computer once again, having authenticated for the third time in fewer than sixteen hours.

My forum, which I own and administrate and which receives traffic similar to yours, and which is often the target of bad actors, also runs on Xenforo—but over there, we manage not to fuck shit up like a bunch of cartoon clowns.

I'm sorry you've been literally hacked by Russians, and I'm keenly aware that you're all volunteers working absolutely for free (so are my own slaves), but making your site obnoxious to use for a significant portion of your user base as a form of damage control probably isn't a viable long-term or even medium-term solution.

Finally, other Codex cookies are able to function on most users' browsers, or the site would be obnoxious for them to use. Basic, simple logic tells us that the problem here lies with your 2FA functionality.

 

[rusty_shackleford]

wow huh that sure is a lot of trackers & ads you guys have

 

[Crispy]

I thought we got rid of you.