PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

[SharkClub]

fizzelopeguss The Brazilian Slaughter Konjad darkpatriot

Might be worth figuring out which hack you were all a part of. How old is the password you were using on your codex account?

https://haveibeenpwned.com/

 

[Zed Duke of Banville]

2FA should be optional.

I use Bitwarden to generate secure, unique passwords for all of my accounts.

I’m pretty sure that 2FA is way overkill for a vidya game forum. Especially for those of us who stay out of the political threads.

The problem is that the vulnerability left by this group of Codexers does not merely damage them but results in forum-wide slowdowns and even the inability to access particular threads, if only temporarily. Although this particular solution is not the best.

I continue to maintain that login by username should be disabled. Login only with your email address, and keep that address as private as your password. Problem = solved.

If people are relying on the same username, email address, and password on the Codex as on other sites that have had their user information exposed, then switching from the username to email (or even requiring both) for login wouldn't help.

 

[gaussgunner]

what is worse 2FA or the vaxx

I wouldn't know, I've never had either. This email shit doesn't count, email and SMS are completely insecure and aren't real 2FA. More like 0.5FA.

 

[The Brazilian Slaughter]

fizzelopeguss The Brazilian Slaughter Konjad darkpatriot

Might be worth figuring out which hack you were all a part of. How old is the password you were using on your codex account?

https://haveibeenpwned.com/

Hmmm, I think I know where.
Ten years old at the very least.

Very sloppy on my part, but the account is ancient. Deactivated it for good. It holds no further use to me.

 

[Skinwalker]

If people are relying on the same username, email address, and password on the Codex as on other sites that have had their user information exposed, then switching from the username to email (or even requiring both) for login wouldn't help.

Three different pieces of information aligning perfectly is much less likely than two.

 

[jebsmoker]

i can get why someone would be indignant about more strict internet hygiene/op-sec being thrust upon them, but being fussy about more security that's for your privacy is probably the dumbest hill to die on

 

[GrafvonMoltke]

brb changing my passwords

 

[Konjad]

fizzelopeguss The Brazilian Slaughter Konjad darkpatriot

Might be worth figuring out which hack you were all a part of. How old is the password you were using on your codex account?

https://haveibeenpwned.com/

konjad@gmail.com doesn't exist anymore, but I would suspect it's been compromised by dozens of sites by now.

Now I use unique email for 'dex.

The password was possibly the same since I registered on 'dex and even longer.

 

[Sodafish]

I already had 2FA enabled so didn't notice a thing.

Why all the colossal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.

 

[Tacgnol]

InB4 it turns out that it was a staff account that got hacked, not uncommon. Perhaps your current suspect was a deliberate sacrifice, or even a patsy.

Nah, happened prior apparently. Crudux hasn't been changing passwords so I guess people don't notice unless they check their post history or someone notices their reduction in post count.

You sure it's him? I don't think I had any interaction with him in that thread, or anywhere else for that matter. No humble shit ratings, no nothing.

Could have been a copy cat I guess, especially if Crudux's actions gave someone else the idea. Though I don't think he interacted with DP and others that significantly either, just mostly quietly seethed.

From what the admins said, it sounds like it happened in a similar timeframe to his other account breaches though.

 

[fizzelopeguss]

InB4 it turns out that it was a staff account that got hacked, not uncommon. Perhaps your current suspect was a deliberate sacrifice, or even a patsy.

Nah, happened prior apparently. Crudux hasn't been changing passwords so I guess people don't notice unless they check their post history or someone notices their reduction in post count.

You sure it's him? I don't think I had any interaction with him in that thread, or anywhere else for that matter. No humble shit ratings, no nothing.

Could have been a copy cat I guess, especially if Crudux's actions gave someone else the idea. Though I don't think he interacted with DP and others that significantly either, just mostly quietly seethed.

From what the admins said, it sounds like it happened in a similar timeframe to his other account breaches though.

I wouldn't be surprised if there's a few all chatting together to cause some shenanigans. Serious butts have been blasted and scalps taken in that thread. And there's a bit of a persecution complex going on.

I barely even post in it but there's plenty of retard ratings given out.

It's a bit of a laff so far, so long as it stays to that, and no seriously queer shit starts happening. Cheers for pointing my post count out.

 

[Skinwalker]

Why all the collosal butthurt? Soymeat / bugburgers is a good thing. I eat bugs wherever possible.

We must all do our part to combat climate change, comradx.

 

[Infinitron]

I already had 2FA enabled so didn't notice a thing.

Why all the collosal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.

Personally, I'm mildly opposed to mandatory 2FA for normal users.

But I wonder how some people on this forum would feel if I personally did not have 2FA enabled. Because let me tell you, without 2FA, somebody would have gotten into my account and fucked this place up years ago, guaranteed. The Internet has become a much nastier place since the days of Mama's Gang. It'd be utter devastation.

 

[Hobknobling]

I already had 2FA enabled so didn't notice a thing.

Why all the collosal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.

Because companies use 2FA for datamining. The email 2FA on this webzone is fine in my books, but I will never voluntarily use my phone for any sort of 2FA.

 

[Semiurge]

InB4 it turns out that it was a staff account that got hacked, not uncommon. Perhaps your current suspect was a deliberate sacrifice, or even a patsy.

Nah, happened prior apparently. Crudux hasn't been changing passwords so I guess people don't notice unless they check their post history or someone notices their reduction in post count.

You sure it's him? I don't think I had any interaction with him in that thread, or anywhere else for that matter. No humble shit ratings, no nothing.

He put me on ignore some time ago but lifted the ignore eventually. Very mysterious as the lift can't just happen by accident, but I too have made a few posts in that thread.

what is worse 2FA or the vaxx

This email shit doesn't count, email and SMS are completely insecure and aren't real 2FA. More like 0.5FA.

How do email OTPs differ from app-based 2FA, are they encrypted with some weaker method? SMS being weak I understand as they are completely unencrypted.

 

[Haba]

I already had 2FA enabled so didn't notice a thing.

Why all the collosal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.

Because companies use 2FA for datamining. The email 2FA on this webzone is fine in my books, but I will never voluntarily use my phone for any sort of 2FA.

Then use a desktop app, you probably do your codexing in front of the PC anyway.

Tho lol at the "companies using 2FA for datamining". Meanwhile YewTube has 14 trackers.

 

[Peachcurl]

If you worry about getting tracked and your data getting used for whatever intransparent purposes, do not use a smartphone.

 

[Crispy]

BUT I HAVE TO USE A SMARTPHONE

IT'S IMPOSSIBLE TO DO ANYTHING TODAY WITHOUT ONE

Actually you can do just about anything without a smartphone. For example, you can pay your monthly bills by writing a paper che----

ARE YOU FUCKING CRAZY?!# NO ONE WRITES FUCKING CHECKS ANYOMTOMREW#¸c

 

[Sodafish]

I already had 2FA enabled so didn't notice a thing.

Why all the collosal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.

Because companies use 2FA for datamining. The email 2FA on this webzone is fine in my books, but I will never voluntarily use my phone for any sort of 2FA.

How can the TOTP tokens used by Authy and similar phone apps be used for data mining? You're not entering any information when the specific app account is created, and no email/text/push notification is ever sent to your phone.

 

[Stella Brando]

unless they're literally like "password" or "12345".

darkpatriot, The Brazilian Slaughter, Konjad

?????

My wasn't that easy, even if not long. Obviously, it wasn't a brute force but a stolen database password as I used the same one for all forums.

It was 'vodka,' wasn't it?

 

[Konjad]

unless they're literally like "password" or "12345".

darkpatriot, The Brazilian Slaughter, Konjad

?????

My wasn't that easy, even if not long. Obviously, it wasn't a brute force but a stolen database password as I used the same one for all forums.

It was 'vodka,' wasn't it?

You're not drinking alcohol unless you mix it with coke and energy drinks

 

[Skinwalker]

BUT I HAVE TO USE A SMARTPHONE

IT'S IMPOSSIBLE TO DO ANYTHING TODAY WITHOUT ONE

Actually you can do just about anything without a smartphone. For example, you can pay your monthly bills by writing a paper che----

ARE YOU FUCKING CRAZY?!# NO ONE WRITES FUCKING CHECKS ANYOMTOMREW#¸c

You don't even have a smartphone? My granny has a smartphone, and she's almost as old as you.

 

[Crispy]

God DAMN you're stupid, Liberal.

 

[Taluntain]

How do email OTPs differ from app-based 2FA, are they encrypted with some weaker method? SMS being weak I understand as they are completely unencrypted.

Regular e-mail isn't encrypted in any way, same as SMS texts are not.

 

[Peachcurl]

How do email OTPs differ from app-based 2FA, are they encrypted with some weaker method? SMS being weak I understand as they are completely unencrypted.

Regular e-mail isn't encrypted in any way, same as SMS texts are not.

Nitpick: Regular emails usually are encrypted during transport, but not during storage.