PUBLIC SERVICE ANNOUNCEMENT: 2FA NOW MANDATORY - YOU DON'T NEED A PHONE NUMBER FFS

[Taluntain]

https://haveibeenpwned.com/

784 pwned websites
13,647,430,268 pwned accounts
115,795 pastes
228,888,902 paste accounts

Says it all, really.

 

[Alex]

It works across the most platforms compared to the rest, which is an advantage for many users. And the breach wasn't critical, which would obviously get it removed from the list.

Taluntain, a honest question: Is there any point to the 2FA other than stopping people who use passwords stolen from some leak? Because, if that is the point, can't you just run once a week a script that matches the (hashed) passwords with those on the list of stolen ones and see of anyone is using a bad one? Then you could remove access to those who do until the create a new one. Would avoid all this trouble and be almost as safe, I think.

Not when passwords are stored using different hashing algorithms, and possibly salt.

Those lists have the untransformed password (they are, after all, compromised). Just hash and salt using the same algorithm that is used on the codex.

pictures one huge public list with all stolen passwords in the history of the internet

If you used the same one Chrome uses to check your stored passwords, I think it would be good enough for government work. Although I admit I didn't consider the computational cost of checking every password on the list against all the stored passwords on the database. 2FA is still a pain and way overkill for an old discussion board.

 

[SharkClub]

At this point, the second they remove 2FA some retard is going to try and do exactly what was already done to multiple peoples' accounts because they disagree with their opinion in the political sub forum, even if mass deletion is removed it's probably just as easy to cuck an account by mass editing every post they've made, and the moment you start applying bandaid fixes over bandaid fixes to stop that from being an issue is when the forum ceases to be usable for its proper purposes (for example, removing the ability to edit old posts, means that any thread with an opening post that gets updated is just not a thing anymore). Zero remorse or accountability has been shown by the people responsible the first time (on the contrary, it is commonly celebrated and everyone who points this out is screeched at) so why would anyone trust them to not do it again now that everyone knows how easy it is, even if the original retard who started it is no longer around (someone will make sure to tell him if 2FA gets removed as well, I'm sure).

 

[Modron]

I was under the impression he gained access to the accounts through compromised emails and changing their codex passwords, I imagine the majority of codexers are using email as their 2FA method so liberty has been sacrificed for no more security and this is just a collective punishment.

 

[Clockwork Knight]

Is "But I don't want to use Authy" the breakfast question of the codex?

 

[Modron]

Look at this guy acting like using authy is a mark of intelligence not even a week after they had a massive data breach.

 

[Taluntain]

It doesn't matter which app authenticator you use, they're all still better than e-mail.

 

[Clockwork Knight]

It doesn't matter which app authenticator you use, they're all still better than e-mail.

I don't understand the question, I just told you I don't want to use Authy.

 

[Modron]

What you mean I should use more than one password? I told you I already know this one.

 

[Melcar]

Just close your Codex account.

 

[Taluntain]

I don't understand the question

That's because it wasn't.

 

[BING XI LAO]

Since slava ukraini cux are the ones getting hacked, the 2FA should only apply to them

 

[Vic]

I don't understand the question, I just told you I don't want to use Authy.

I use this browser extension to authenticate https://addons.mozilla.org/en-US/firefox/addon/auth-helper/

 

[SharkClub]

If it's too difficult for vatniks to swallow their pride and admit that what CruduxCruo did was wrong, retarded and a way overkill reaction to being mega giga ultra butthurt then 2FA is obviously not that big a deal to them and all the posts from them are merely virtue signaling. Maybe it's time to assume some responsibility and show that you're not the same type of retard he is if you want the admins to listen to your cries for mercy from the big bad 2FA instead of denying he did anything wrong. They're not even going to consider removing it when the forum is full of idiots that celebrate his actions and happens to overlap with a large chunk of the people most vocally complaining about the extra layer of forum security. But of course, you'll keep rating cuck, retadred, etc. (every post pointing this out, including this one, vatniks are not learning creatures) and refusing to acknowledge he did anything wrong while begging for 2FA to be removed, because it's just that hard to swallow your pride. It's not some huge mystery as to why they choose to ignore your pleas for 2FA's removal.

 

[BING XI LAO]

If it's too difficult for vatniks to swallow their pride and admit that what CruduxCruo did was wrong, retarded and a way overkill reaction to being mega giga ultra butthurt then 2FA is obviously not that big a deal to them and all the posts from them are merely virtue signaling. Maybe it's time to assume some responsibility and show that you're not the same type of retard he is if you want the admins to listen to your cries for mercy from the big bad 2FA instead of denying he did anything wrong. They're not even going to consider removing it when the forum is full of idiots that celebrate his actions and happens to overlap with a large chunk of the people most vocally complaining about the extra layer of forum security. But of course, you'll keep rating cuck, retadred, etc. (every post pointing this out, including this one, vatniks are not learning creatures) and refusing to acknowledge he did anything wrong while begging for 2FA to be removed, because it's just that hard to swallow your pride. It's not some huge mystery as to why they choose to ignore your pleas for 2FA's removal.

STFU bitch or I will hack u

 

[Clockwork Knight]

>talk like the retard from the breakfast question
>receive genuine answers

 

[Gnidrologist]

Ok, so i'm posting from phone, where the retarded confirmation demand hasn't arrived yet. On my home PC i can't acess the Codex. I login and the stupid six digit number is not sent to me via mail.

I also tried to make temporary account, but coudn't because no confirmation mail comes back. Did it from alternative inbox.

What in hell is happening with your site?

 

[Peachcurl]

that's why they recommend not to use mail for 2fa

 

[Gnidrologist]

that's why they recommend not to use mail for 2fa

I have had my male for almost 30 years. There's nothing wrong with it and it worked fine for 20 years on Codex. There's some fucked up shit on the site.

 

[Vic]

email is an outdated technology

 

[Gnidrologist]

email is an outdated technology

No shit you dumb oaf, but it is technology that Rpgcodex demands you have to log in

 

[Vic]

email is an outdated technology

No shit you dumb oaf, but it is technology that Rpgcodex demands you have to log in

If you're using Firefox try to set up the browser extension I linked above, it works flawlessly on PC. It might also work for Firefox on Android, though I haven't tried.

Much simpler than using email. It's just 2 clicks to copy the code.

It's also available for chrome, edge and safari and is open source (it's on github).

 

[Melcar]

Holy shit. I just got another code .

 

[DarkUnderlord]

The truth is, every time someone requests a code email, I have to manually come up with some numbers and then send you an email. And sometimes I just don't bother or on the odd occasion I'm sleeping.

 

[Alex]

The truth is, every time someone requests a code email, I have to manually come up with some numbers and then send you an email. And sometimes I just don't bother or on the odd occasion I'm sleeping.

Well, I will say, you are usually pretty quick.