Harley ๐Ÿ๐ŸŒฟFeb 21

- do you want to use google to sign in?
- do you want to add a passkey?
- do you want to add a 2FA token?
- we know you have 2FA but we've sent you an email instead
- this login attempt seems suspicious we've sent you a text about it
- can you click on these buses?
- you failed to click on the buses click on these bicycles instead
- should we save these details for next time?
- do you accept these trackers?
- you can opt out but we've decided it's legitimate interest anyway
- would you like to see a list of our 847 partners we share your data with?
- can we send you desktop notifications?
- can we access your location?
- do you want 10% off for signing up to the mailing list?
- do you want me to translate this page?
- hi I'm your friendly chatbot how can I help?
- oh no you can't buy this, reach out to us for a quote!
- do you wantโ€”

I'm tired boss

Show threadMan aging with madnessFeb 21

Sign in using 2FA hardware token, receive email "We've received a suspicious login! Click here to confirm it's you"

ffs, I used my bleeding hardware 2FA token; yes, it's me.

@lichendust

Show threadMan aging with madness

Even worse:

Attempt to sign into website on which I have my hardware 2FA configured. Correct password gets rejected. Oh, look; they sent me an email because they "don't recognize the computer" or "it's a sign-on attempt from a new location". I have hardware 2FA configured; don't fecking email-2FA me. I have hardware 2FA set up for a damned reason!

@lichendust

Feb 21 at 6:01pmWeb
Show threadJan EdenMar 6
@praxiscode @lichendust Github has another trick: My (correct) password is rejected ever since I configured a passkey. I can still change the password after logging in with the passkey, but it is only ornamental.