nvidia: we are very concerned that if you don’t add 2fa to this account we forced you to make, criminals might download these free drivers without giving us accurate marketing demographic details

your bank: sorry, what? you want two tractors?

@0xabad1dea we use several factors to verify your identity when you enter your password from an IP we don’t recognize. Also, you can reset that password with just one factor.
@bdwl @0xabad1dea I called my bank for help getting into their site. They didn't have my phone number on file so they asked for it. Then immediately after that they required a security code that was sent by text, to the number I had just provided. 🤦
@drewzero1 @bdwl @0xabad1dea Was it the same number you called from?
@AT1ST @bdwl @0xabad1dea Yep, the number I was calling from, all during the same phone call with the same representative. 🤔
@drewzero1 @bdwl @0xabad1dea My bank used to have SMS confirmation when wiring money to non-saved accounts. You could set the phone number in the settings without needing any kind of confirmation.
@bdwl @0xabad1dea yeah, and putting e.g. firmware blobs behind that veil makes your platforms absolutely exhausting to work on.
@bdwl @0xabad1dea “This email is to let you know that an unrecognised device just logged into your email account.”

@bdwl @0xabad1dea that factor is also publicly available information that you cannot change.

(I once got a letter from a bank instructing me to not share my birthday with others, because they were doing this)

@0xabad1dea I have a credit card that I can't pay until I reset my password. Every. Time.
@0xabad1dea
I think they're storing passwords incorrectly

@RnDanger @0xabad1dea Oh! I had the same issue with Capital One. The problem was actually with my username. They changed the username requirements late last year, and of course didn’t tell anyone. Instead of an email address, they want a separate username now. Once I changed it, then everything worked again.

If yours is a Capital One account, try changing your username.

@handler @0xabad1dea
Oh, that ... could be something. I can't say it makes sense but it's something that may help. (I'm still not sure if they are handling data correctly but now I know they aren't handling customers well.)

Thank you 🙏

@RnDanger @0xabad1dea
Then there's the case when your encoding fails and all non-USASCII characters are equivalent to '?'.

But $LARGE_MEDIA_COMPANY fixed that long ago.

@0xabad1dea Drivers belong on FTP servers not bullshit websites ;)
@enkiusz unfortunately ftp also supports user/pass authentication

Drivers belong as source code in HTTP-accessible repositories (and as or in packages, distributed as part of your OS). As we're talking about graphics drivers here:

http://www.mesa3d.org/

https://gitlab.freedesktop.org/mesa

@0xabad1dea I'm still trying to figure out why the payment portal for my doctor has an "I'm not a robot" check.
@Hasufin @0xabad1dea because your doctor isn't a mechanic
@Natanael_L @0xabad1dea But my *accountant* could well be!
@Hasufin @0xabad1dea obviously, this is a doctor for humans. If you're a robot, better call the garage.
@bonkers @0xabad1dea No, what's weird is, it's not in the patient portal, just the payment. Apparently they will look at robots, but not accept payment from them. I suspect a conspiracy.
@Hasufin @0xabad1dea maybe they are robots and wait for a secret robot sign.
@Hasufin @0xabad1dea my local pizza place sometimes wants a captcha both after logging in and before payment. just in case I'd been borged while deciding what toppings I want.
@Hasufin @0xabad1dea I'm guessing DoS 'protection'
@raboof @0xabad1dea If I'm being serious, my guess is they threw every possible "security" widget onto the payment portal and didn't ask "Does this make sense for this use case?"
Which actually makes it LESS secure, but their entire setup is not well-considered. (e.g., my checkup report said the units were metric, but the numbers were not. Said my body temp was 98.4°C which would be... cooked.)
@Hasufin @raboof @0xabad1dea Or maybe it says your body temp is 98.4°K and you're frozen solid.
@0xabad1dea You make fun of it, but two-tractor authentication has never been cracked!
@grumpybozo @0xabad1dea Well, if you mean the kind of tractors that have VTOL capabilities, then yeah, those would help with authorization and access.
@0xabad1dea Back when I got my first yubikey, my credit union didn't allow passwords over 8 characters long. When they extended that limit to 16 or something I called it a win.
@tekhedd “password” is 8 characters…
@tekhedd
My place of work still limits passwords to 8 alphanumeric characters, no symbols or spaces. Also they assign them to you every six months.
@0xabad1dea
@0xabad1dea Palo Alto is the same. One can’t even look at support articles without signing in and doing 2FA. 😅
@0xabad1dea I needed this laugh today. Also, painfully accurate.
@0xabad1dea OK totally not a tech person but - why can’t I use my thumbprint?

@CatDragon a good password is one that is hard to crack, is unique to the account (so if it is leaked then it only affects one account), can be secret, and can be changed when needed.

Fingerprints are great for identification, though - they could probably replace usernames.

@mikeburns I change all mine every week or so and am enough a Luddite to keep them in a notebook rather than stored online.
@0xabad1dea My bank doesn't have TOTP-2FA, but they do have email-2FA. Or at least they did, until they locked me out of my account and forced me to downgrade from email to SMS-2FA and said it was to improve security.
@0xabad1dea I suggested the same issue on Twitter, but apparently you can download the drivers manually still....
@0xabad1dea my bank limits me to 6 digit passwords and has no 2FA 🙃
@0xabad1dea Also your bank:
What do you MEAN that 4 numbers are not enough protection for your life savings? It would take AT LEAST a couple dozen tries to figure out, you're good!
@0xabad1dea "'2 factor orphan vacation'? I'm sorry sir, we can't talk to you while you're drunk, you make no sense"

@0xabad1dea When I worked at an ISP that had been around 8 years, my job was to contact the last 5 customers on UUCP and offer them free connectivity just to get them off UUCP.

All five were banks

@0xabad1dea when I had to change my passwords a few months ago (thanks lastpass) I was pleasantly surprised my banks let me have passwords longer than 8 characters now. The ones that did have 2FA most were sms but my credit union has authenticator 2FA.
@0xabad1dea here in France, banks are required by law to provide and enforce 2FA (not sure if that’s a European or French thing tho)
@melunaka @0xabad1dea The Spanish NIC (domain registry) was mandated to use 2FA, so I had to set up TOTP, which is great. But what about users that have not registered that yet? They just use email as 2FA, which makes them compliant.
@0xabad1dea my bank supports TOTP. Assuming you give them a phone number. What's a yubikey? Authenticators? Never heard of them.
@0xabad1dea
I signed up to access our trash pickup company's website. It required that you set up 2FA so I went with the TOTP option. Seemed like overkill, but was impressed they were on board with better security.
@0xabad1dea to the credit (heh) of my bank, they were mandating 2FA before authenticator apps even became widespread. They'd ship a little box with a keypad to every new customer and every time you wanted to log into online banking, after you had put your customer ID and password into the login form, you had to insert your bank card into the box, enter its pin, enter a code shown on screen, and then the box would give you a new code that you had to punch back into the website to complete the login. I think I'm at a non-terrible bank.
@siguza @0xabad1dea Cool old days. Nowadays every bank wants your mobile phone number in their custom unsafe app - to send you SMS in case you need to reset the app. I'm refusing to disclose my mobile number. So now I have to pay extra for those hardware boxes and cannot use credit cards anymore with any bank. I hate that trend of disclosing mobile numbers in order to be a customer. Spreading to health providers now too.
@http @0xabad1dea I'm pretty sure PostFinance let you do it with just an iPod touch... back when they were still supported. My mom set it up that way, and because that has no TouchID or FaceID, it'd prompt her to enter her passcode instead, so... I think that's actually SEP-backed? But I haven't checked.
@siguza @0xabad1dea Their banking login still works fine with the free authenticator box. They do have a banking app with limited functionality, but that's not for full login as far as I know. Not sure about their credit cards; I don't have one from them.
@http @0xabad1dea the old app had a login with limited functionality. They moved to a new one a couple years ago, which I think lets you do almost everything? (I haven't tried smth like opening a new credit card from the app, but all "regular" E-Finance stuff you can do there.) Biometric auth as 2FA is/was supported by both apps.
@0xabad1dea "i'm sorry stephen, but your account doesn't seem capable of purchasing two tractors"
@0xabad1dea I swear shadowplay is always asleep whenever I make a play I want to save
@Tiezep @0xabad1dea i love when shadowplay randomly turns itself off for the 58 billionth time and i only notice when i try to record something and nothing happens 🔥🔥🔥 thanks nvidia