Putting the 'role' back in role-playing games since 2002.
Donate to Codex
Good Old Games
  • Welcome to rpgcodex.net, a site dedicated to discussing computer based role-playing games in a free and open fashion. We're less strict than other forums, but please refer to the rules.

    "This message is awaiting moderator approval": All new users must pass through our moderation queue before they will be able to post normally. Until your account has "passed" your posts will only be visible to yourself (and moderators) until they are approved. Give us a week to get around to approving / deleting / ignoring your mundane opinion on crap before hassling us about it. Once you have passed the moderation period (think of it as a test), you will be able to post normally, just like all the other retards.

PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

Atlantico

Atlantico

unida e indivisible
Patron
Undisputed Queen of Faggotry Vatnik In My Safe Space
Joined
Sep 7, 2015
Messages
16,703
Location
Midgard
Make the Codex Great Again!
Peachcurl said:
Atlantico said:
If you have a unique password that can't be guessed, then 2FA does nothing for you.
Click to expand...
Even with a strong password, 2FA may still help in rare cases. That is, when you use 2FA via two different devices, and only one of those devices gets compromised.
Click to expand...
Rare cases yes. If I was an admin for a website I'd use 2FA, just to prevent an accidental "oops I somehow leaked my password" situation. It's the responsible thing to do as an admin.

That would deflect almost all casual wannabe script kiddies. A dedicated hacker has tools to infect phones and break the 2FA easily. Such as state sponsored hackers, but then if state sponsored hackers are after you, eh. You're pretty screwed.

Point being, 2FA is absolutely worth doing in certain situations, but not all. Nobody could possibly have hacked into my forum account without actually knowing my password. The problem is leaked passwords on the one hand and the law of diminishing returns on the other.
 
Zed Duke of Banville

Zed Duke of Banville

Dungeon Master
Patron
Joined
Oct 3, 2015
Messages
12,726
Perhaps someone could compile a list of all alternatives to 2FA that would successfully prevent the malicious from entering old Codex accounts, from people who re-used the same username and password as on other sites that have had their users' details exposed at some point, and then mass deleting posts, which screws up the forum in general and particularly threads that have a sufficient number of posts deleted.
 
OSK

OSK

Arcane
Patron
Joined
Jan 24, 2007
Messages
8,082
Codex 2012 Codex 2013 Codex 2014 PC RPG Website of the Year, 2015 Codex 2016 - The Age of Grimoire Make the Codex Great Again! Serpent in the Staglands Dead State Divinity: Original Sin Project: Eternity Torment: Tides of Numenera Wasteland 2 Shadorwun: Hong Kong Divinity: Original Sin 2 BattleTech Pillars of Eternity 2: Deadfire
Zed Duke of Banville said:
Perhaps someone could compile a list of all alternatives to 2FA that would successfully prevent the malicious from entering old Codex accounts, from people who re-used the same username and password as on other sites that have had their users' details exposed at some point, and then mass deleting posts, which screws up the forum in general and particularly threads that have a sufficient number of posts deleted.
Click to expand...

I already provided one! Have Windows users sign in with their Microsoft accounts! You could also add Facebook and Google as options!
 
United Nations

United Nations

Legion
Joined
Mar 29, 2007
Messages
4,596
Somebody needs to fix the fucking internet, maybe even somebody that posts here.

No more captcha, no more picture puzzles, no more codes sent to my fucking email address or phone.

No more disabling my ad block extension, antivirus, or vpn just so I can access a website.
 
gaussgunner

gaussgunner

Arcane
Joined
Jul 22, 2015
Messages
6,159
Location
ХУДШИЕ США
Zed Duke of Banville said:
Perhaps someone could compile a list of all alternatives to 2FA that would successfully prevent the malicious from entering old Codex accounts, from people who re-used the same username and password as on other sites that have had their users' details exposed at some point, and then mass deleting posts, which screws up the forum in general and particularly threads that have a sufficient number of posts deleted.
Click to expand...
Enable a password strength requirement and force everyone to change passwords.
 
Semiurge

Semiurge

Cipher
Joined
Apr 11, 2020
Messages
7,308
Location
Asp Hole
Zed Duke of Banville said:
Perhaps someone could compile a list of all alternatives to 2FA that would successfully prevent the malicious from entering old Codex accounts, from people who re-used the same username and password as on other sites that have had their users' details exposed at some point, and then mass deleting posts, which screws up the forum in general and particularly threads that have a sufficient number of posts deleted.
Click to expand...

Nuke all inactive alts. They're a big target for hijacks anyway.
 
Crispy

Crispy

I feel... young!
Patron
Staff Member
Joined
Feb 16, 2008
Messages
1,877,123
Location
Future Wasteland
Strap Yourselves In
oAZL5JK.jpg


:what:
 
The_Mask

The_Mask

Just like Yves, I chase tales.
Patron
Joined
May 3, 2018
Messages
5,925
Location
The land of ice and snow.
Strap Yourselves In Codex Year of the Donut Steve gets a Kidney but I don't even get a tag. Pathfinder: Wrath I helped put crap in Monomyth
Zed Duke of Banville said:
Tacgnol said:
Vic said:
just add a checkbox on login “I am not a hacker” that should keep them out
Click to expand...

"Putin is gay" mandatory checkbox.
Click to expand...
Although it would do nothing to resolve our current "hacker" problem, I've long maintained that the Codex would be greatly improved by requiring everyone to take an oath that they reject Bioware and all its works. :M
Click to expand...
That would burn some people like holy water. Holy smokes... ROFL
 
Vic

Vic

Savant
Undisputed Queen of Faggotry Bethestard
Joined
Oct 24, 2018
Messages
5,678
Location
[REDACTED]
so I just installed the addon 'EditThisCookie' and set the expiration for the 2fa cookie to expire in july 2024, which was the max it allowed me to do. thoughts?
 
MerchantKing

MerchantKing

Learned
Joined
Jun 5, 2023
Messages
1,495
This 2FA policy is the smartest thing this website as ever done. 2FA is necessary to personal internet security. The more 2FA checks you have to go through, the less likely a goy is going to be able to get into your account. Even if he discovers both your passwords, you have a dozen more 2FA's he has to go through which he doesn't know the passwords to.
 
Vic

Vic

Savant
Undisputed Queen of Faggotry Bethestard
Joined
Oct 24, 2018
Messages
5,678
Location
[REDACTED]
MerchantKing said:
This 2FA policy is the smartest thing this website as ever done. 2FA is necessary to personal internet security. The more 2FA checks you have to go through, the less likely a goy is going to be able to get into your account. Even if he discovers both your passwords, you have a dozen more 2FA's he has to go through which he doesn't know the passwords to.
Click to expand...
welcome back, how was life outside
 
You must log in or register to reply here.

As an Amazon Associate, rpgcodex.net earns from qualifying purchases.
Back
Top Bottom