Thread 106404941

> trying to log in into my github accout
> fuck you, you must enable 2fa with some 3rd party services first
Why? I've never asked for this.

>>106404941 (OP)
So that Islamic empire won't steal your account and use it for pro Palestine propaganda

>>106404941 (OP)
So that Jewish empire will steal your account and use it for anti-Palestine propaganda

Passwords are legacy tech. Absolutely useless security theatre in the age of AI-assisted spearphishing.

>>106404941 (OP)
TOTP, retard bro

>>106405284
But I don't give a fuck

>>106405308
your parents too and we can see the results

>>106405295
What totp? Why can't I use 2nd password, but forced to install some shit on my smartphone (which I don't have) or browser instead?

>>106405400
you don't use any sort of password manager??

>>106405618
My brain is the password manager I use.

>>106405687
that's kind of awesome.

>>106405687
Your passwords are most likely ass, then.

>>106405792
No, they are words+digits combinations, strong enough.

>>106404941 (OP)
Forcing people to either be an itoddler or use android for various services now requiring phone as the second factor or a 'random' security check.
It is everywhere.
It's over.

>>106405841
Anon, you need to stop using qwerty12345 as your password.

>>106406031
No, it's combination of words and digits like picrel.

>>106406089
>using real words
>with obvious replacements
>only digits between the words
NGMI, 1 GPU-hour at worst and you're cooked

>>106404941 (OP)
>uses jewhub
you deserve it
>>106405203
kys

if a website allows an attacker to brute force a password without setting off any red flags, it's the website's fault
>maybe this legitimate user just forgot his password and is trying 50,000 different combinations per second

>>106406089
It's really cute that you think that's a strong password.

>>106406089
anon who told you that was a good password?

>>106406125
Nobody wants you here
Go back to r3ddit

>>106406172
this is a jew hating site, anon. Unlike reddit.

>>106406118
>>106406153
>>106406157
Using this for decades, never got hacked. Good luck bruteforcing it.

>>106406209
Sorry, your password is not good. Stay buttmad I guess?

>>106404941 (OP)
baseddevs love that shit

>>106406209
Yeah and I never locked the door and never been robbed
Therefore unlocked doors are safe

>>106404941 (OP)
i use passkey, much more secure. requires device to be present to login

>>106404941 (OP)
Retarded people use Passw0rd and get their accounts taken over, so everyone has to suffer to prevent them from being so retarded.

>>106406750
But it's you mad, trying to prove me that my password is bad.

>>106406817
It's completely wrong analogy and conclusion.

>>106408037
> to prevent
In the most retarded inconvenient way.

>>106404941 (OP)
WERE GONNA HAVE TO FORK GITHUB SADLY.

>>106408453
>In the most retarded inconvenient way.
How else are you going to prevent dumb fucking retards from getting their accounts """hacked""" when they use the same password on 50 different sites?

>>106405400
TOTP is just a password that is used to generate a temporary password based on the current time, can be completely offline as long as the clocks are synced

>>106408491
Send a code to email like any other service did?

>>106408712
So just another password, but in a complicated way.

>>106408775
The difference is that if someone how temporary password is leaked, it doesn't work anymore since the time has passed

>>106408799
if somehow*

>>106406146
Fucking Google made me 'recover' my account after I fucking typo'd my password TWICE.
Realistically I know this is because there are bots hammering it 24/7, but holy fuck that is both annoying and scary that if I didn't have my other recovery email I'd lose my roughly 20(? when it was new) year old gmail and shit.

They had to save face after disabling git password authentication, which was pure security theater given that you could still log in via password on the website and do whatever the hell you wanted.
Now it's technically more secure so it was "worth it" to waste everyone's time with inane bullshit.

>>106408827
GOOGLE IS SO DEAD
I WOULDN'T BE SUPRISED IF THEY START CRYPTO SCAMMING NEXT.
YOU KNOW, THOSE PEOPLE HAVE NO MORALS.

>>106405315
If OP's parents never gave a fuck he would never be here.

>>106408799
The same if your temporary password generator password leaked.

>>106408975
You don't send it anywhere, unlike a password that you use it on sites

Why not use a local TOTP? Even elgoog lets you use that shit

Ideally passwords wouldn't exist.

>>106405858
It's over for retards addicted to corporate slop. Intelligent people build their own platforms in the dark web.tgtxt

>>106409181
I remember this schizo

>>106408799
the difference is that the totp secret can't be stored hashed, because it needs to be used server-side to generate the temporary password
also that when you set up totp, pretty much any service also gives you 10(sic!) permanent recovery codes in a text file for safekeeping, which can be leaked

>>106409420
It can be stored encrypted, and again, you don't go sharing the recovery code or the secret like you do with passwords, that some people reuse in multiple websites

>>106409445
>that some people
problems of stupid people are not my problem

>>106409114
On what sites? Are you using the same password on multiple sites?

just set it up with keepassxc totp

>>106405203
It's called a Caliphate, Jeet.

>>106409247
Having a bank account is appearantly an addiction then.

>>106405841
>No, they are words
ngmi

github's totp implementation is broken

>>106406157
correct horse battery staple

>>106405618
use a book

>>106406153
go on, then

>>106409150
>>106409900
Because I didn't ask what to install.

>>106410359
It works and is as safe as your jf(743*&$hgHUG, but possible to remember

>>106409862
People are doing that. And they're also using their password on networks that aren't end-to-end secured. And their passwords are as short and simple as they can be. And so on.

The move to FIDO2 / webauthn with like yubi-, token2 or neonkeys is quite logical, and TOTP on smartphones is probably fine too.

>>106404941 (OP)
Just use KeepAssXC you stupid nigger.

>>106409558
>I am so le smart
hackers love hubris just as much as cluelessness

>>106411561
> KeepAssXC
For amateurs. Professionals write their own password managers.

>>106408775
>send a code to an email service that has the same username and password as the one that may be compromised

>>106412774
> send a key to a totp password generator that is installed on a hacked or stolen device

>>106410341
Yes. One of the worst.
Free yourself.

>>106412806
That requires the user to be retarded enough to get their iPhone hacked, and an attacker to hack that and get the user's password. The other option just requires the user to be of average retardation (password reuse).

>>106405400
>but forced to install some shit on my smartphone (which I don't have)
stop noticing, goy

>>106409150
>Why not use a local TOTP?
because banks don't let you
you (((must))) use their (((app))) on a (((smartphone))) for (((reasons)))

>>106406118
heres a sha256 of a password similar to what anon posted:
8e8bba732ace6141c16fd1067238b1b51ad1e83df6461e093f5e3a6825e31b52
if you can break it within 5 hours ill do nothing

>>106414731
ill help by saying it starts and ends with numbers and has 5 words, there are 3 two digit numbers, 1 three digit number and 2 one digit numbers, good luck

>log into github account
>Code better with Copilot AI
Ah fuck, time to find something else.