Putting the 'role' back in role-playing games since 2002.
Donate to Codex
Good Old Games
  • Welcome to rpgcodex.net, a site dedicated to discussing computer based role-playing games in a free and open fashion. We're less strict than other forums, but please refer to the rules.

    "This message is awaiting moderator approval": All new users must pass through our moderation queue before they will be able to post normally. Until your account has "passed" your posts will only be visible to yourself (and moderators) until they are approved. Give us a week to get around to approving / deleting / ignoring your mundane opinion on crap before hassling us about it. Once you have passed the moderation period (think of it as a test), you will be able to post normally, just like all the other retards.

PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

Zed Duke of Banville

Dungeon Master
Patron
Joined
Oct 3, 2015
Messages
13,067
2FA should be optional.

I use Bitwarden to generate secure, unique passwords for all of my accounts.

I’m pretty sure that 2FA is way overkill for a vidya game forum. Especially for those of us who stay out of the political threads.
The problem is that the vulnerability left by this group of Codexers does not merely damage them but results in forum-wide slowdowns and even the inability to access particular threads, if only temporarily. Although this particular solution is not the best.

I continue to maintain that login by username should be disabled. Login only with your email address, and keep that address as private as your password. Problem = solved.
If people are relying on the same username, email address, and password on the Codex as on other sites that have had their user information exposed, then switching from the username to email (or even requiring both) for login wouldn't help. :M
 
Joined
May 11, 2007
Messages
1,854,413
Location
Belém do Pará, Império do Brasil

Skinwalker

*meows in an empty room*
Patron
Village Idiot
Joined
Aug 20, 2021
Messages
12,620
Location
Yessex
If people are relying on the same username, email address, and password on the Codex as on other sites that have had their user information exposed, then switching from the username to email (or even requiring both) for login wouldn't help. :M
Three different pieces of information aligning perfectly is much less likely than two.
 

jebsmoker

Arcane
Patron
Joined
Nov 17, 2019
Messages
2,657
Insert Title Here Strap Yourselves In I helped put crap in Monomyth
i can get why someone would be indignant about more strict internet hygiene/op-sec being thrust upon them, but being fussy about more security that's for your privacy is probably the dumbest hill to die on
 

Konjad

Patron
Joined
Nov 3, 2007
Messages
5,371
Location
Strap Yourselves In Codex Year of the Donut Codex+ Now Streaming! Torment: Tides of Numenera Wasteland 2 Steve gets a Kidney but I don't even get a tag.

Sodafish

Arcane
Joined
Dec 26, 2012
Messages
9,035
I already had 2FA enabled so didn't notice a thing.

Why all the colossal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.
 
Last edited:

Tacgnol

Shitlord
Patron
Joined
Oct 12, 2010
Messages
1,871,883
Codex 2016 - The Age of Grimoire Grab the Codex by the pussy RPG Wokedex Strap Yourselves In Codex Year of the Donut Shadorwun: Hong Kong Divinity: Original Sin 2 Steve gets a Kidney but I don't even get a tag. Pathfinder: Wrath I helped put crap in Monomyth
InB4 it turns out that it was a staff account that got hacked, not uncommon. Perhaps your current suspect was a deliberate sacrifice, or even a patsy.

Nah, happened prior apparently. Crudux hasn't been changing passwords so I guess people don't notice unless they check their post history or someone notices their reduction in post count.

You sure it's him? I don't think I had any interaction with him in that thread, or anywhere else for that matter. No humble shit ratings, no nothing.

:kingcomrade:

Could have been a copy cat I guess, especially if Crudux's actions gave someone else the idea. Though I don't think he interacted with DP and others that significantly either, just mostly quietly seethed.

From what the admins said, it sounds like it happened in a similar timeframe to his other account breaches though.
 

fizzelopeguss

Arcane
Joined
Oct 1, 2004
Messages
959
Location
Equality Street.
InB4 it turns out that it was a staff account that got hacked, not uncommon. Perhaps your current suspect was a deliberate sacrifice, or even a patsy.

Nah, happened prior apparently. Crudux hasn't been changing passwords so I guess people don't notice unless they check their post history or someone notices their reduction in post count.

You sure it's him? I don't think I had any interaction with him in that thread, or anywhere else for that matter. No humble shit ratings, no nothing.

:kingcomrade:

Could have been a copy cat I guess, especially if Crudux's actions gave someone else the idea. Though I don't think he interacted with DP and others that significantly either, just mostly quietly seethed.

From what the admins said, it sounds like it happened in a similar timeframe to his other account breaches though.

I wouldn't be surprised if there's a few all chatting together to cause some shenanigans. Serious butts have been blasted and scalps taken in that thread. And there's a bit of a persecution complex going on.

I barely even post in it but there's plenty of retard ratings given out.

It's a bit of a laff so far, so long as it stays to that, and no seriously queer shit starts happening. Cheers for pointing my post count out.

:bro:
 

Infinitron

I post news
Patron
Staff Member
Joined
Jan 28, 2011
Messages
99,540
Codex Year of the Donut Serpent in the Staglands Dead State Divinity: Original Sin Project: Eternity Torment: Tides of Numenera Wasteland 2 Shadorwun: Hong Kong Divinity: Original Sin 2 A Beautifully Desolate Campaign Pillars of Eternity 2: Deadfire Pathfinder: Kingmaker Pathfinder: Wrath I'm very into cock and ball torture I helped put crap in Monomyth
I already had 2FA enabled so didn't notice a thing.

Why all the collosal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.
Personally, I'm mildly opposed to mandatory 2FA for normal users.

But I wonder how some people on this forum would feel if I personally did not have 2FA enabled. Because let me tell you, without 2FA, somebody would have gotten into my account and fucked this place up years ago, guaranteed. The Internet has become a much nastier place since the days of Mama's Gang. It'd be utter devastation.
 

Hobknobling

Learned
Joined
Nov 16, 2021
Messages
471
I already had 2FA enabled so didn't notice a thing.

Why all the collosal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.
Because companies use 2FA for datamining. The email 2FA on this webzone is fine in my books, but I will never voluntarily use my phone for any sort of 2FA.
 

Semiurge

Cipher
Joined
Apr 11, 2020
Messages
7,649
Location
Asp Hole
InB4 it turns out that it was a staff account that got hacked, not uncommon. Perhaps your current suspect was a deliberate sacrifice, or even a patsy.

Nah, happened prior apparently. Crudux hasn't been changing passwords so I guess people don't notice unless they check their post history or someone notices their reduction in post count.

You sure it's him? I don't think I had any interaction with him in that thread, or anywhere else for that matter. No humble shit ratings, no nothing.

:kingcomrade:

He put me on ignore some time ago but lifted the ignore eventually. Very mysterious as the lift can't just happen by accident, but I too have made a few posts in that thread.

what is worse 2FA or the vaxx
This email shit doesn't count, email and SMS are completely insecure and aren't real 2FA. More like 0.5FA.

How do email OTPs differ from app-based 2FA, are they encrypted with some weaker method? SMS being weak I understand as they are completely unencrypted.
 

Haba

Harbinger of Decline
Patron
Joined
Dec 24, 2008
Messages
1,872,090
Location
Land of Rape & Honey ❤️
Codex 2012 MCA Divinity: Original Sin Project: Eternity Torment: Tides of Numenera Wasteland 2
I already had 2FA enabled so didn't notice a thing.

Why all the collosal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.
Because companies use 2FA for datamining. The email 2FA on this webzone is fine in my books, but I will never voluntarily use my phone for any sort of 2FA.
Then use a desktop app, you probably do your codexing in front of the PC anyway.

Tho lol at the "companies using 2FA for datamining". Meanwhile YewTube has 14 trackers.
 

Crispy

I feel... young!
Patron
Staff Member
Joined
Feb 16, 2008
Messages
1,877,246
Location
Future Wasteland
Strap Yourselves In
BUT I HAVE TO USE A SMARTPHONE

IT'S IMPOSSIBLE TO DO ANYTHING TODAY WITHOUT ONE

Actually you can do just about anything without a smartphone. For example, you can pay your monthly bills by writing a paper che----

ARE YOU FUCKING CRAZY?!# NO ONE WRITES FUCKING CHECKS ANYOMTOMREW#¸c
 

Sodafish

Arcane
Joined
Dec 26, 2012
Messages
9,035
I already had 2FA enabled so didn't notice a thing.

Why all the collosal butthurt? 2FA / MFA is a good thing. I use it wherever possible. Granted, enforcing it is possibly OTT in this case, but I mean get a grip. Install Authy on phone > setup account > spend 10 seconds once a month to enter a 6-digit code.

Hardly the day of judgement, chaps.
Because companies use 2FA for datamining. The email 2FA on this webzone is fine in my books, but I will never voluntarily use my phone for any sort of 2FA.

How can the TOTP tokens used by Authy and similar phone apps be used for data mining? You're not entering any information when the specific app account is created, and no email/text/push notification is ever sent to your phone.
 

Konjad

Patron
Joined
Nov 3, 2007
Messages
5,371
Location
Strap Yourselves In Codex Year of the Donut Codex+ Now Streaming! Torment: Tides of Numenera Wasteland 2 Steve gets a Kidney but I don't even get a tag.

Skinwalker

*meows in an empty room*
Patron
Village Idiot
Joined
Aug 20, 2021
Messages
12,620
Location
Yessex
BUT I HAVE TO USE A SMARTPHONE

IT'S IMPOSSIBLE TO DO ANYTHING TODAY WITHOUT ONE

Actually you can do just about anything without a smartphone. For example, you can pay your monthly bills by writing a paper che----

ARE YOU FUCKING CRAZY?!# NO ONE WRITES FUCKING CHECKS ANYOMTOMREW#¸c
You don't even have a smartphone? My granny has a smartphone, and she's almost as old as you.
 

RRRrrr

Arcane
Glory to Ukraine
Joined
Nov 6, 2011
Messages
2,308
This also happened to dextermorgan last month.

There are butthurt lunatics in the Ukraine War thread who WILL try to find your credentials in database leaks and break into your account. You have been warned.
Wow, this brought me memories of losing a pornhub account due to ruZZian hackers, losing all my carefully made playlists/saved videos. And of fucking course the hackers were ruZZian...doing this just to fuck with people. Made me hate ruZZia even more.

Makes sense that the lowest vatnik scum would fall so low as to hack profiles on the Codex and in turn force 2 factor authentication on all of us. butthurt vatnik scum should be banned outright, no questions asked. It's a matter of survival, it's us or them...

The Codex staff should just pull the trigger on all vatniks.
 

As an Amazon Associate, rpgcodex.net earns from qualifying purchases.
Back
Top Bottom