just a general rant

I know this will come so i will say now yes these things are good so something like crypto is a good system. The duality is that all these things are going to be used past that.

We already well past know that.

trackers exist also so i guess that is fake too? basically unless you know what you are doing then your web browser and everything you do inside it is tracking everything you do it also has a fingerprint.

The key is to mitigate that through various methods and the end goal as a user should be to falsify your credentials online anywhere you can. This means that they can track you in certain ways but you are not handing them everything on a platter.

Malneb said:

I know this will come so i will say now yes these things are good so something like crypto is a good system. The duality is that all these things are going to be used past that.

We already well past know that.

I have no idea what you are rabbiting on about. Your rant has become basic trolling imo.

cereberus said:

I have no idea what you are rabbiting on about. Your rant has become basic trolling imo.

Ok tell me why i am wrong then?

We have already been doing the thrid option with phones for like 15 years now. instead of 2fa its IMEI and when you buy a phone you have to use a drivers license to purchase that phone.

Malneb said:

Ok tell me why i am wrong then?

Whatever.

employment login systems are common now too it is reading your face biometrically when you clock into the job. I guess i am incoherent with all this though.

cannot make this stuff up. we are heading towards full transparency online.

if you are in the right industry or workplace currently, then they can track when you start the job when you clock off and when you get home. The camera knows its you and even displays your face

self service checkouts? yeah face scanning there too and it shows your face.

sounds crazy i know well because it is. Not sure what your self service checkouts are like in your country but here they show your face on the screen.

yeah its multifaceted but hey Ai copilot sounds great.

For the desktop computer it will be TPM most likely that is the way to pair creds to device but 2FA is still a layer of authentication, its also by design so forcing 2FA on various services is getting people acclimatized to it. you can argue but "i have been 2FA for years now" i can counter that and that there is millions of ppl not using 2FA currently.

Baby boomers are big percentage of people that are not using 2FA rarley if at all because they don't require it currently. well soon if it becomes more standard across many services as a forced requirment well that is no stone left unturned type of logic is it not?

yep because its a double edge sword so if you understand cybersecurity is black hat and white hat and those two opposing sides often blur to grey.

You are protecting yourself with those applications but at the same time you are feeding into a system that wants to smell your fart.

they tell us security this and that but just think about the data mining that they are doing on all consumers, its inside out one one hand we need to protect from the big bad wolf but we are out of the frying pan into the fire most of the time.

the big bad wolf s coming to get me better stock up on more security. Just think about plenty of places you go that don't actually need 2fA.

We don't need 2FA here right? on this forum as there is not really any crucial data that needs that level of protection. There is plenty f other places. I don't need 2FA to sign into a game forum but this is common place now still optional in most of those cases.

Ok so a 16 digit alphanumeric password that utilizes All the stops uppercase, lower case, numbers and letters is extremely hard to crack. for the Average user its basically impossible and for an actual hacker its well over a century of time needed to brute force that.

What is 2FA again? oh yeah its something that opens exploitation through rainbow tables and offers a false sense of security. We constantly hear database breaches and therefore nothing is secure. Whether you have 2FA or not.

the real way to do it is use the right style of password with no 2FA and if its for something sensitive then change that password periodically.

2FA is an added feature of Xenforo. So the Admin can allow us to use it if he wanted. I have the feature at my forum and use it.

2FA has nothing to do with the quality of a password or rainbow tables. Your long and complicated password is only good if it's never been snatched behind your back while using it. i.e password sniffer malware, database leak server side, etc. 2FA is another form of access control that helps mitigate things like a password sniffer or database leak from using your password. Without the six digit 2FA code, the password still won't work. (Though, the database may contain the 2FA hash for your account... But the hash needs to be broken. If it's Bcrypt or Argon2id, it'll take a very, VERY long time if at all with today's computing hardware).

The best (non-privacy invading) 2FA is the one generated from an App like Aegis or in a paid version of Bitwarden ($10/year), or via the Keepass OTP plug-in, etc. 2FA via SMS or e-mail is weak - very weak and absolutely egregious that companies even use those methods (just another privacy envasion) Worse yet, some companies think their App can function like 2FA (I'm looking at you, Steam). My bank, my freaking bank, which is no small bank uses SMS for 2FA! As the kids say, "weaksauce."

By far the best out of them all would be something like a Yubikey... While pretty gnarly in its own right, I don't like it because it's a chip, a chip like TPM or whatever... I chose to use 2FA via the methods I linked to above, and I do run a pretty tight ship. Especially with e-mail. For one, I never load images in e-mail and all e-mail is rendered as text only. If I get an e-mail completely crafted in BS fluff HTML, and if I can trust the sender by evaluating the headers and whatnot, I'll load the full on HTML content just for that one e-mail. I do this for reasons... I have played with would be spearfishers... Then I report them to their domain, webhost and to the Cisco owned spamcop website.


There are of course flaws with 2FA as well. Most come in the form of a spearfish e-mail attack. That's where Yubikey et al shines.


Hacks That Bypass Multi-Factor Authentication and How to Make Your MFA Solution Phishing Resistant - YouTube