Redpill me on multi factor authentication

  1. 2 months ago
    Anonymous

    SMS = bad
    FIDO2 = good
    challenge-response = good

    • 2 months ago
      Anonymous

      >SMS 2FA might as well be "pls no break" authentication, it's incredibly insecure.

      yet all 2FA (except for fricking Steam Guard) forces SMS codes, including .gov and .bank services. What's up with that?? Why does fricking GAYMER SHIT have more security than literal IRL services?

      • 2 months ago
        Anonymous

        You find technological progress in surprising places. Broadband was originally designed and pushed by the porn industry, and porn sites were pioneers in tag-based sorting systems. In fact I've yet to see a faster implementation of an automated arbitrary query builder than on e621. It's a marvel of technology no other site seems to be capable of, even with budgets in the millions.

        • 2 months ago
          Anonymous

          Coomers are pioneers in tech.
          I remember reading that some important algos for better optimization of 3D animation were made because animators were trying to better model Elizabeth from Bioshock Infinite.

          • 2 months ago
            Anonymous

            >Pornhub is also about 10x lighter than YouTube on javascript and implemented things that YouTube later adopted, like the engagement graph and chapters

            >You find technological progress in surprising places. Broadband was originally designed and pushed by porn industry, porn sites were pioneers in tag-based sorting systems. In fact I've yet to see a faster implementation of automated arbitrary query builder than on e621. It's a marvel of technology no other site seems to be capable of even with budgets in the millions.

            Does anybody know if there's a repository or similar of tidbits like these? I am kind of interested in learning more about bleeding edge developments as a result of coomer pioneering, and /cumg/ got nuked IIRC.

          • 2 months ago
            Anonymous

            Not exactly coom, but https://tonsky.me/blog/js-bloat/
            And /cumg/ is still alive on coom dot tech

          • 2 months ago
            Anonymous

            Thanks anon!

        • 2 months ago
          Anonymous

          Pornhub is also about 10x lighter than YouTube on javascript and implemented things that YouTube later adopted, like the engagement graph and chapters

      • 2 months ago
        Anonymous

        Maybe in your meme country. Where I live we only use FIDO, proprietary authenticator apps for banking (not activated via SMS) or TOTP.
        SMS does work for some minor things, but mostly as a fallback.

      • 2 months ago
        Anonymous

        SMS 2FA has a natural backdoor in your phone provider, especially since it usually doubles as an account recovery method. Just click "forgot my password" and subpoena the SMS messages. Or if you've already cracked the password, you can just subpoena the SMS messages for verification codes.
        The other methods aren't as easy to crack. They require physical access or the ability to decrypt and utilize intercepted messages in sub-minute times.

    • 2 months ago
      Anonymous

      >challenge-response = good

  2. 2 months ago
    Anonymous

    I can break it in the US, Canada and a few other countries, but most ppl can't, it's good enough.

  3. 2 months ago
    Anonymous

    With a phone, or even better an authenticator app which is always online, it's a scam

  4. 2 months ago
    Anonymous

    >bird flies into room
    >steals Yubikey
    >flies away
    >can't access bank account

    • 2 months ago
      Anonymous

      Do you live in a shanty?

    • 2 months ago
      Anonymous

      >he doesn't have a backup of his yubikey

    • 2 months ago
      Anonymous

      >he doesn't have a backup of his yubikey
      the funny part is that it's impossible
      any service where you can use Fido allows multiple keys to connect to your account

    • 2 months ago
      Anonymous

      you're supposed to have multiple

  5. 2 months ago
    Anonymous

    SMS 2FA might as well be "pls no break" authentication, it's incredibly insecure.

    • 2 months ago
      Anonymous

      Only if the provider is bad

      • 2 months ago
        Anonymous

        SMS is fundamentally borked, it shouldn't be used for anything security related period

  6. 2 months ago
    Anonymous

    >write down your passwords
    >actually don't write down your passwords, writing that shit down is bad
    >add 2FA so you can log in with extra steps
    >also your 2fa is more important than your password
    >write down this 2fa info that can be used to override everything you already set up, writing that down is essential and isn't bad mkay

    They didn't solve the problem at hand, they added extra steps, all while removing anonymity wherever they can.

    • 2 months ago
      Anonymous

      >all while removing anonymity wherever they can
      All according to cake then. I'm far more concerned with the heavy push into digital currencies like the EUDI wallet, so the EU would control every citizen's funds in real time like China and employ policies like expiring money, restrictions on who can buy what, when and how much.

      • 2 months ago
        Anonymous

        digital currency was already solved with crypto

        • 2 months ago
          Anonymous

          Governments want centralized absolute control over your money and make up rules as they go, which cryptos are an antithesis to.


          Why limit it to something like 30 though? Wouldn't limiting inputs to something like 500 be smart? Of course some algos like bcrypt can only handle 56-72 bytes of input depending on implementation, but that's more a sign to upgrade the password algorithm anyway. Something like argon2id, which has dynamic difficulty and is memory-hard.

    • 2 months ago
      Anonymous

      Best passwords are living biometrics which can only arise when you are comfortable. Not fingerprints, since someone can cut your finger off. Something more like you saying a passphrase out loud while your heart rate is resting. Or a hashing algorithm run against freshly produced and living ejaculate as an OTP: not just checking the DNA hash but also that there's actual stuff swimming in there. Someone could probably mod a USB fleshlight and solve security once and for all.

    • 2 months ago
      Anonymous

      There are two major ways you get unauthorized access:
      - someone who knows you personally; this person benefits from you writing down your passwords
      - jeet dragnet database leaks; this person benefits from you reusing your passwords

      2FA is a temporary rotating code, you don't "write down" your code, you input it alongside your password and it absolutely fricks both of the above people

  7. 2 months ago
    Anonymous

    >don't save your password in the password manager
    >have to click I forgot my password every time
    This is the best 2FA.

    • 2 months ago
      Anonymous

      It drives me nuts that almost no provider allows the full character set to be used in passwords, and I get notifications like
      >password too long
      >password doesn't contain !
      >Password not containing big characters
      On a string like
      ç17Wò©ÎqÑMk¬,ät;¸*Íóâ½fòLå"/7jÇ[/t3x¼ÍñEf´=륿%5¤ÂÇqUZý{â=gDýí

      • 2 months ago
        Anonymous

        >password too long
        this makes sense, you don't waste processing power hashing a 20402 character password
        >password doesnt contain !
        agreed, this is dumb
        >password not containing big characters
        I can see why, programmers were too fricking lazy to process anything that doesn't conform to UTF-8. though I can see why

        • 2 months ago
          Anonymous

          Even emojis conform to UTF-8, but it's more likely devs just use a very simple monke regex to see if it's A-Z

        • 2 months ago
          Anonymous

          >programmers were too fricking lazy trying to process anything that doesn't conform to utf8
          why are passwords not treated just like a bitfield, then?

          • 2 months ago
            Anonymous

            Frick if I know

      • 2 months ago
        Anonymous

        >don't save your password in the password manager
        >have to click I forgot my password every time
        >This is the best 2FA.

        >It drives me nuts almost no provider allows the full characterset to be used in passwords, and get notifications like
        see parody game:
        https://thepasswordgame.io/
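      Added example, not from the thread: the character-set complaints above and the bcrypt byte limit mentioned in post 6, in code. Byte counting and a Unicode-aware uppercase check replace an A-Z regex; the 72-byte prefix only simulates bcrypt's input limit (no bcrypt library is called), and the password string is the one quoted above.

```python
# Added example (not from the thread): password checks done on UTF-8 bytes
# rather than on an A-Z regex, and what a 72-byte hash input limit does to
# long or non-ASCII passwords. Truncation is simulated, not done by bcrypt.
import base64, hashlib

BCRYPT_MAX_BYTES = 72  # bcrypt truncates or rejects past this, per implementation

def utf8_bytes(pw: str) -> int:
    """Length as a hash function sees it: bytes, not characters."""
    return len(pw.encode("utf-8"))

def bcrypt_effective_input(pw: str) -> bytes:
    """Simulated: at most the first 72 bytes contribute to a bcrypt hash."""
    return pw.encode("utf-8")[:BCRYPT_MAX_BYTES]

def collide_under_bcrypt(a: str, b: str) -> bool:
    """Two different passwords sharing their first 72 bytes verify as equal."""
    return a != b and bcrypt_effective_input(a) == bcrypt_effective_input(b)

def prehash_for_bcrypt(pw: str) -> bytes:
    """Common workaround when bcrypt must stay: SHA-256 then base64 (44 bytes,
    no NUL bytes), so every byte of the password contributes to the hash."""
    return base64.b64encode(hashlib.sha256(pw.encode("utf-8")).digest())

def has_uppercase(pw: str) -> bool:
    """Unicode-aware 'big character' check; a [A-Z] regex would miss Ñ or Ç."""
    return any(ch.isupper() for ch in pw)

if __name__ == "__main__":
    pw = 'ç17Wò©ÎqÑMk¬,ät;¸*Íóâ½fòLå"/7jÇ[/t3x¼ÍñEf´=륿%5¤ÂÇqUZý{â=gDýí'
    print(len(pw), "chars but", utf8_bytes(pw), "UTF-8 bytes")
    print(has_uppercase(pw))
    long_a, long_b = "x" * 72 + "correct", "x" * 72 + "wrong"  # constructed
    print(collide_under_bcrypt(long_a, long_b))                   # True
    print(prehash_for_bcrypt(long_a) != prehash_for_bcrypt(long_b))  # True
```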

  8. 2 months ago
    Anonymous

    it's fricking stupid and annoying

  9. 2 months ago
    Anonymous

    A good way to stop 3rd worlders from compromising your account with credential stuffing, and an even better way to filter IQfy NEETs and /misc/ manlets from using your service (they think that setting up 2FA is just like getting the jab or bending the knee to some organisation they don't like). Needless to say it's not an absolutely fool-proof solution, since an advanced attacker can try to hijack your login session (a U2F key can prevent that in case they use a reverse proxy, but nothing can really protect you from malware, unless you are on Qubes). You should also back up your 2FA to not lock yourself out of accounts (it's very easy on Android since you can just attach the Aegis backup to the Android system backup).

  10. 2 months ago
    Anonymous

    I just tried
    keepass
    lastpass
    bitwarden
    nordlocker
    protonpass
    keeper
    dropbox's passwords
    and I fricking hate the idea of paying a subscription or else they lock you out of features on a password manager.
    like holy shit what a bad idea, why would you ever do that

    • 2 months ago
      Anonymous

      Self-hosted vaultwarden.

      >SMS 2FA has a natural backdoor in your phone provider, especially since it usually doubles as an account recovery method. Just click "forgot my password" and subpoena the SMS messages. Or if you've already cracked the password, you can just subpoena the SMS messages for verification codes.
      >The other methods aren't as easy to crack. They require physical access or the ability to decrypt and utilize intercepted messages in sub-minute times.

      Anon, if law enforcement wants your bank data they simply ask your bank for your financials and they will give them everything they have on you.

      >passkey deprecates MFA

      Passkeys are MFA. They are just like SSH authentication keys but friendly to normies.

      • 2 months ago
        Anonymous

        Good luck with my hardware wallet, homosexual

  11. 2 months ago
    Anonymous

    >bank says they care about my account safety
    >says they always strive to do and provide the best
    >still uses SMS or call OTP for logging in the browser
    >according to them it's not a problem because I can just download the app on my nonexistent smartphone
    >called them to warn I'm going to Japan and won't be able to receive calls nor texts as a safety measure, so they could just input it on the system
    >they say they're not able to because it's all automated
    I fricking hate it so much

  12. 2 months ago
    Anonymous

    passkey deprecates MFA

  13. 2 months ago
    Anonymous

    Using Authy with all my private tracker keys, didn't save the web URL to the account so now I just have a load of 2FA codes with the same username. RIP

  14. 2 months ago
    Anonymous

    >every password saved in an encrypted text file
    >no recovery emails, good luck trying to hack my accounts

    • 2 months ago
      Anonymous

      >Write down every password on an envelope with 4 years worth of tax return money in it left on my desk in plain view
      You want my accounts? Come and get them.

      • 2 months ago
        Anonymous

        I salute you, my brother.

  15. 2 months ago
    Anonymous

    For most people, it's really just 1FA because the same phone autofills passwords and has an authenticator app.

    • 2 months ago
      Anonymous

      99.99% of attacks aren't from people physically possessing your phone and at that point you're already fricked.

      • 2 months ago
        Anonymous

        It's an argument against passwords, not authenticators.
        Passwords are pointless because people save them on phones. Most people would have the same security with less hassle by using 1FA with authenticator only, no password.

        • 2 months ago
          Anonymous

          Well it turns out we invented TOTP after we used passwords for decades. You're welcome to pioneer a password-less system with your own login system though.

  16. 2 months ago
    Anonymous

    Bloat

  17. 2 months ago
    Anonymous

    >log into banking app
    >nooooo, sir you need second factor for login
    >second factor is just another app on the same phone
    Wow much security

    • 2 months ago
      Anonymous

      just never lose your phone, it's the most important object. keep the microphone, camera, GPS computer on you at all times or your life is over and you cannot access any of your accounts. soon you won't be able to make any transactions without it. police will arrest you if you are without your smartphone identification.

      • 2 months ago
        Anonymous

        If you want to live like an outcast (which you already are) it should be totally possible for you to live without a smartphone in most places in the world.

  18. 2 months ago
    Anonymous

    Anons, if you were a bank, how would you authenticate your users on their mobile banking app? Would you deploy your own proprietary MFA (soft tokens), use a vendor's proprietary MFA or make customers use their biometrics (face)? I'd imagine each comes with drawbacks, but which would you think is the most secure? Some banks have their proprietary MFA built into their apps; some crypto exchanges like Binance make you download another app of theirs to authenticate, which is a bit of a drag.
