• 0 Posts
  • 41 Comments
Joined 2 months ago
Cake day: November 7th, 2024

  • chickentendrils to technology@hexbear.net · I hate 2FA Hell
    +4 · edited 47 minutes ago

    If you have any tech literate friends, you can all install Syncthing and quickly each create a personal push-only share. Then everyone you know is helping each other back up their password manager databases or anything else locally encrypted with a strong password that’s small enough to be acceptable. Micro SD cards are 1.5 and even 2TiB now, and work with my 4 year old Xiaomi phone.

    I’m thinking of the WeChat recovery option that just makes a couple people you had in your friends list or were your main contacts open a menu in settings and confirm you contacted them (I think IRL), in order to verify the recovery request.


  • chickentendrils to technology@hexbear.net · I hate 2FA Hell
    +2 · edited 40 minutes ago

    I really like GRC’s Secure Quick Reliable Login (SQRL). It’s older than most examples but basically just the open version of the prompt on your phone. Authentication requests are made for a specific domain and sent back to that domain only. So much more phishing resistance than has been typical, similar to passkeys. It’s as seamless as scanning any QR code with a phone, or it integrates with a browser or local password manager/daemon. The prompts on the phone show you the unobfuscated domain name of what generated the QR code/auth request and if it’s never been used before like a phishing site, it’ll only offer user registration (usually with one-click).

    The backups of your credentials are just QR codes and can be printed on standard printer paper.

    It is used internally at a midsize organization for their internal systems authentication. Way less hassle than the Microsoft authenticator, no added hardware like a passkey.
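
    The domain-binding property described in this comment, as an added example in Go (not SQRL's own code, not the commenter's): each site gets its own Ed25519 key pair derived from a master key and the domain the phone displays, and the signed response names that domain. The derivation (HMAC-SHA256 of the domain under the master key, used as the Ed25519 seed) is a constructed stand-in for SQRL's real scheme, chosen only because it gives the same property; the domains, nonce format and `Scenario` walkthrough are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Outcome a site returns for an authentication attempt.
const (
	Login    = "login"    // known identity, valid signature
	Register = "register" // valid signature, identity never seen here before
	Reject   = "reject"   // signature does not verify for this site's domain
)

// SiteIdentity derives a per-site Ed25519 key pair from the user's master key
// and the domain shown on the phone. Assumption: HMAC-SHA256(master, domain)
// as the seed is a constructed stand-in for SQRL's real derivation; it gives
// the same property that every domain gets an unrelated key.
func SiteIdentity(master []byte, domain string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	seed := mac.Sum(nil) // 32 bytes, exactly ed25519.SeedSize
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// challengeMessage binds the server's nonce to the domain the client believes
// it is answering, so a response cannot be replayed against another domain.
func challengeMessage(domain string, nonce []byte) []byte {
	return append([]byte("auth:"+domain+":"), nonce...)
}

// Respond is the phone side: it signs the nonce for the domain it displays.
func Respond(master []byte, shownDomain string, nonce []byte) (ed25519.PublicKey, []byte) {
	pub, priv := SiteIdentity(master, shownDomain)
	return pub, ed25519.Sign(priv, challengeMessage(shownDomain, nonce))
}

// Site is a relying party: it stores only public keys, never secrets.
type Site struct {
	Domain string
	users  map[string]bool
}

func NewSite(domain string) *Site { return &Site{Domain: domain, users: map[string]bool{}} }

// Nonce is the fresh challenge that would be encoded into the QR code.
func (s *Site) Nonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Verify checks the signature against this site's own domain and nonce, then
// decides between login and registration. A new identity is enrolled.
func (s *Site) Verify(pub ed25519.PublicKey, nonce, sig []byte) string {
	if !ed25519.Verify(pub, challengeMessage(s.Domain, nonce), sig) {
		return Reject
	}
	id := hex.EncodeToString(pub)
	if s.users[id] {
		return Login
	}
	s.users[id] = true
	return Register
}

// Scenario walks through first use, a normal login, and a relayed challenge
// from a look-alike domain, returning the decision at each step.
func Scenario() (first, second, atLookalike, relayed string) {
	master := make([]byte, 32) // constructed master key
	if _, err := rand.Read(master); err != nil {
		panic(err)
	}
	genuine := NewSite("example.com")
	lookalike := NewSite("examp1e.com") // constructed look-alike domain

	// 1. Never seen before: the only option offered is registration.
	n := genuine.Nonce()
	pub, sig := Respond(master, genuine.Domain, n)
	first = genuine.Verify(pub, n, sig)

	// 2. Same phone, same domain: recognised, login.
	n = genuine.Nonce()
	pub, sig = Respond(master, genuine.Domain, n)
	second = genuine.Verify(pub, n, sig)

	// 3. The phone shows "examp1e.com", derives an unrelated identity and signs
	//    for that domain: the look-alike only ever sees an unknown new user.
	n = genuine.Nonce() // a nonce the look-alike relayed from the genuine site
	pub, sig = Respond(master, lookalike.Domain, n)
	atLookalike = lookalike.Verify(pub, n, sig)

	// 4. Forwarding that response to the genuine site fails: the signed message
	//    names another domain and the key is not the user's example.com key.
	relayed = genuine.Verify(pub, n, sig)
	return
}

func main() {
	a, b, c, d := Scenario()
	fmt.Println("first:", a, "| second:", b, "| at look-alike:", c, "| relayed:", d)
}
```

    The two checks in `Verify` are what give the phishing resistance the comment describes: the key is useless on any other domain, and the signed message itself names the domain, so a relayed response is rejected rather than logging anyone in.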


  • chickentendrils to technology@hexbear.net · I hate 2FA Hell
    +3 · edited 53 minutes ago

    Yeah for Steam you have to use third-party tools or pull a file off your mobile device/emulator and extract the TOTP secret (and use plugins for password managers to render the alphanumeric code with the characters they want, it’s just a non-standard TOTP representation and sucks so much).

    The maker of that “Authy” shit that’s just TOTP generator/backup once again locked behind your fuckin phone number deserves a special place in hell. It’s Twilio, a virtual phone/SMS API provider… and owner of Sendgrid. Same deal as with Steam where they’ll add the TOTP secret to the Authy app and you have to extract it manually to use in a different app/password manager. At least the codes are part of the IETF standard. Just generated with an uncommon <30s step interval for rolling over and I believe are 7 digits instead of 6. KeePassXC natively had configuration for it at least.
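
    The point that these codes are still standard RFC 4226/6238 material, just with a different digit count and step length, as an added Go example (not from the commenter, Authy or KeePassXC): digit count and step are parameters, so the usual 6-digit/30-second code and a 7-digit short-step variant share one code path. The secret is the RFC 6238 SHA-1 test secret; the 10-second step used in `main` is a constructed illustration of "a shorter step", not a documented vendor setting. `Verify` shows the server-side drift window a defender would pair with it.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"math"
)

// HOTP implements RFC 4226 (HMAC-SHA-1 plus dynamic truncation) with a
// configurable digit count. Standard apps use 6; 7 is just digits=7.
func HOTP(secret []byte, counter uint64, digits int) string {
	mac := hmac.New(sha1.New, secret)
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%0*d", digits, code%uint32(math.Pow10(digits)))
}

// Counter is the RFC 6238 time step: floor(unixTime / step).
func Counter(unixTime, step int64) uint64 {
	return uint64(unixTime / step)
}

// TOTP generates the code for a given time, step length and digit count.
func TOTP(secret []byte, unixTime, step int64, digits int) string {
	return HOTP(secret, Counter(unixTime, step), digits)
}

// Verify is the server side: accept the code for the current step or up to
// `window` steps either side to tolerate clock drift. With a short step the
// same window covers much less wall-clock time, which is worth remembering
// when choosing it. Comparison is constant-time.
func Verify(secret []byte, code string, unixTime, step int64, digits, window int) bool {
	c := int64(Counter(unixTime, step))
	for d := -int64(window); d <= int64(window); d++ {
		if c+d < 0 {
			continue
		}
		if hmac.Equal([]byte(HOTP(secret, uint64(c+d), digits)), []byte(code)) {
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 SHA-1 test secret
	fmt.Println("standard 6 digits / 30 s at t=59:", TOTP(secret, 59, 30, 6))
	fmt.Println("variant  7 digits / 10 s at t=59:", TOTP(secret, 59, 10, 7)) // constructed parameters
	fmt.Println("accepted with drift window:", Verify(secret, TOTP(secret, 59, 30, 6), 89, 30, 6, 1))
}
```

    Because truncation is a modulus, the 7-digit code for a counter is the 8-digit RFC test vector with its leading digit dropped, which is a convenient way to check a reimplementation against published vectors before trusting it with a real secret.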


  • MIUI is very aggressive with background processes. There’s now 2-3 menus to descend into each time an app really needs to be excluded. I’m mostly okay with it because it probably contributed to why I charge my >4 year old phone every 2 days but in the cases where I’ve overridden it I can say there’s not much less battery life… Like an email client checking every 10 mins and some other stuff has virtually zero impact.

    I did disable almost all the animation and the notification drawer blur effect and my phone feels faster than any current flagship lol

    My only peeve is the exclusions and such not being respected every time after reboots. When I do reboot, I sometimes have to restart two or three times or it’ll just randomly be killing some process it hasn’t cared about in months.


  • There’s absolutely people chomping at the bit but without reliable support I think they’ll not execute for various reasons. If there’s any self-preservation or doubt that the public will just acquit anyone for these kinds of actions (probably best odds are medical insurance CEOs). Doing it all alone and not getting caught is just so damn hard.

    Our hero really put themself out there. I’m wondering if they considered any other tools for the job. I hope we never find out, but did they know about the lack of security detail? If it seemed like they would be apprehended immediately, would they have waited for another opportunity? Maybe they have been close before, that would be something.


  • chickentendrils to Asklemmy · What's wrong with bluesky?
    +1 / −1 · 19 days ago

    I assume Mastodon is equally capable of recommending things, but if it’s a common problem that people aren’t patient enough with then it could be fatal. It’s still an open question whether federation as it’s been used thus far is really there yet. I’m not entirely convinced, I’m glad it’s being tried. I’ll take a stab at it, I’ve worked on P2P distributed key-value storage for years. No huge ambitions though, I don’t really care about this use case. My conception of federation is closer to newsgroups, ideally it’s a global namespace for a topic but the feed is controllable by, effectively, a federated moderator web-of-trust that users can selectively opt into and demote mods as a personal preference. Maybe someone else can do it because I’m so disinterested.