PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

[Semiurge]

There might be a problem with the Coronavirus thread caused by post deletions: https://rpgcodex.net/forums/threads/coronavirus-kung-flu-from-china-with-love.131586/page-1639

It seems to jump from post #40,946 on page 1638 to post #40,953 on page 1639.

The fuck.

 

[Atlantico]

There might be a problem with the Coronavirus thread caused by post deletions: https://rpgcodex.net/forums/threads/coronavirus-kung-flu-from-china-with-love.131586/page-1639

It seems to jump from post #40,946 on page 1638 to post #40,953 on page 1639.

The fuck.

The Ukraine thread is also fucked (again), every post is showing as posted June 1 and older posts are being mixed with newer ones

 

[Peachcurl]

Was it fixed already? At least I cant see any issues with current Ukraine thread.

 

[Atlantico]

Was it fixed already? At least I cant see any issues with current Ukraine thread.

Seems ok now, but earlier today it was behaving oddly.

 

[rusty_shackleford]

The next stage is to remove passwords entirely: https://fidoalliance.org/passkeys/

Google added support for this last month: https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/

109 was not enough

 

[Infinitron]

109 was not enough

What the fuck did I do?

Anyway, please go do some pro-BG3 posts.

 

[rusty_shackleford]

Anyway, please go do some pro-BG3 posts.

Sure
https://rpghq.org/forums/viewtopic.php?t=250-baldur-s-gate-3

 

[Twiglard]

For people complaining. You'll complain about either losing the ability to delete posts, or 2fa. You'll complain either way.

Hijacking old accounts and deleting posts is something any random loser script kiddie can do. These leaked account+password lists are freely available to kiddies and anyone with a very minor technical know-how can start removing thousands of Codex posts.

Perhaps a compromise could be made with Taluntain and DarkUnderlord where 2fa is force-enabled for everyone, but you can actually turn it back off if it annoys you a LOT.

For people thinking that 2fa means that Codex can record your phone number, you're wrong. It's enough to say that if you enable 2fa via an authenticator, there's no way for the Codex to connect the registered authenticator to the phone you're running it on. You can even enable it without a phone using a different kind of authenticator (the mechanism is generic enough¹ for this). Otherwise use email authentication.

For people for whom 'remember me' doesn't work and it prompts you all the time -- rate this post 'fabulously optimistic' so that I know how many people have this problem. I'll figure out a solution for you.

¹ An authenticator is a mathematically secure mechanism utilizing public-key cryptography. There's no central authority connecting authenticators with user personally identifiable information.

 

[ItsChon]

My time playing OSRS (a game where Venuelazans are constantly trying to hack your account so they can sell all your items for in game currency, which they transfer to their accounts so can sell it to other players because selling gold in a virtual game leads to more income for them and their families than working an actual job in Venezuela) has made me grow accustomed to just putting in my authenticator constantly, so I don't really care, but a fix would be nice if it'll be easy.

Thanks for the hard work!

 

[Twiglard]

a fix would be nice if it'll be easy.

How about now? I've disabled it for your account via the admin panel. Either it works for you now or it's going to turn itself back on... Figures.

 

[ItsChon]

a fix would be nice if it'll be easy.

How about now? I've disabled it for your account via the admin panel. Either it works for you now or it's going to turn itself back on... Figures.

The authentication got completely disabled and I was prompted to enable it once again. Once I did, I logged in and out several times and it seems to work now. If this was the solution, bravo for getting it done so quick.

 

[Twiglard]

The authentication got completely disabled and I was prompted to enable it once again. Once I did, I logged in and out several times and it seems to work now. If this was the solution, bravo for getting it done so quick.

It wasn't meant to turn itself back on. But now that you mention that it works, let's try it as the solution for everyone else with the same problem.

 

[Crispy]

I suppose having a very small list of the users here for which we disable 2FA is going to make it a lot easier in the future to choose whom to blame when something inevitably goes wrong.

 

[ItsChon]

Twiglard Actually the issue still persists. If I keep my browser open, I can log in and log out as many times as I want without having to go through my authenticator. As soon as I close my browser however, I need to go through the whole process again. I have my browser set to not save any cookies so that's probably why. Any suggestions outside of just unticking that option? Create an exception perhaps? Or is there a better way to go about things?

 

[Twiglard]

I have my browser set to not save any cookies so that's probably why.

 

[gaussgunner]

I have my browser set to not save any cookies so that's probably why.

No shit, Sherlock

When you log in, the website generates a big random number, saves it in its database, and tells your browser to save it in a cookie. It's called a session cookie. Every time you interact with the site, your browser sends that cookie to the server. If it matches one in the database, you're still logged in, otherwise you're not.

 

[Vic]

why not just enable cookies? are you logging in every time on every website?

are you wearing a tinfoil hat too?

 

[BruceVC]

Twiglard Actually the issue still persists. If I keep my browser open, I can log in and log out as many times as I want without having to go through my authenticator. As soon as I close my browser however, I need to go through the whole process again. I have my browser set to not save any cookies so that's probably why. Any suggestions outside of just unticking that option? Create an exception perhaps? Or is there a better way to go about things?

This has been identified several times on this thread as necessary for 2FA to work , just enable cookies for Codex. It doesnt have to apply for other websites

 

[Twiglard]

Zed Duke of Banville anything specific about your 2fa issue?

 

[Twiglard]

If you want a less intrusive experience with the Codex you can do something like this.

As well as all possible third-party things blocked in Firefox globally.

Here, there's something that actually improves privacy while browsing the Codex way more than purging *.rpgcodex.net cookies all the time. You can still use private mode for your shenangians.

 

[Crispy]

They're just going to spam the Report broken site button.

Spoiler

Yes, that's Jenkem.

 

[DarkUnderlord]

Gais i disable everything fr security keep me safe why fewatures not werk?>

 

[Zed Duke of Banville]

Zed Duke of Banville anything specific about your 2fa issue?

No, I've posted before that I'm hoping the Codex will settle on an alternative rather than 2FA that requires entering a code via email every time. Until then, I'll put up with it.

 

[Stavrophore]

We need a system where you plaster the screen of your smartphone with your dick, and King Crispy gets notification to check if the dick matches the user who is logging in. No tough password to remembers and the only security risk is Crispy knowing your dick.

 

[Lady Error]

RPG CODEX >Scales up your security to maximum level

Nazis and commies rejoice having a safe space on the Interwebs.