|
are brits supposed to say zedro day or something
|
# ? Jul 9, 2017 15:06 |
|
|
# ? May 13, 2024 23:03 |
|
you can disable facebook sms
|
# ? Jul 9, 2017 15:30 |
|
fritz posted:are brits supposed to say zedro day or something naught day
|
# ? Jul 9, 2017 15:40 |
|
let's just call it zero tolerance day and be done with this terrible derail
|
# ? Jul 9, 2017 15:41 |
|
Thanks Ants posted:you can disable facebook sms huh mine has the disable button but when i click it:
|
# ? Jul 9, 2017 16:25 |
|
yeah not being able to disable sms bugs me hopefully facebook can just tell what country i'm in, if anyone can do it it's them
|
# ? Jul 9, 2017 16:39 |
|
Rufus Ping posted:huh mine has the disable button but when i click it:
|
# ? Jul 9, 2017 16:45 |
|
why would you jump through hoops to set up nonshitty 2 factor on fb when u can just delete account
|
# ? Jul 9, 2017 19:02 |
|
wish you would delete your SA account
|
# ? Jul 9, 2017 19:10 |
|
Powaqoatse posted:wish you would delete your SA account
|
# ? Jul 9, 2017 19:14 |
|
cinci zoo sniper posted:i mean, how different is it from loosing phone with sms 2fa, or do your carriers restore stolen numbers? you just get a new phone and the same account w/ same number. the old phone/sim are deactivated. the reason SMS is so common for 2fa is because the user doesn't have to manage their own key recovery when their 2fa mechanism is lost. For example: anthonypants posted:just use the gauth recovery code when you set up gauth on your new phone doesnt work for most users who are just going to pass right by the recovery key section during setup because all they see is a list of numbers and letters that they don't understand.
|
# ? Jul 9, 2017 19:49 |
guys has anyone seen the op, by the way.i think we may have killed her Shaggar posted:you just get a new phone and the same account w/ same number. the old phone/sim are deactivated. the reason SMS is so common for 2fa is because the user doesn't have to manage their own key recovery when their 2fa mechanism is lost. For example
|
|
# ? Jul 9, 2017 19:53 |
|
oh yeah then you'd be hosed. same as if you didn't copy down your recovery keys for a non-sms 2fa. altho depending on the account they probably have a way to remove the 2fa which is an easier target than your SMS was in the first place.
|
# ? Jul 9, 2017 19:55 |
|
Shaggar posted:oh yeah then you'd be hosed. same as if you didn't copy down your recovery keys for a non-sms 2fa. altho depending on the account they probably have a way to remove the 2fa which is an easier target than your SMS was in the first place. Chalks posted:My phone broke so I emailed the company and asked them to turn off 2fa and they did it no questions asked. lol
|
# ? Jul 9, 2017 20:17 |
|
FAT32 SHAMER posted:I like how the pentesters are popping out of the woodwork to diss a guy for calling their job a relatively large scam we hired some company to regularly pentest our software and they still haven't found the myriad of really incredibly obvious problems, i assume because all they're doing is running some toolkit that looks for known vulns in software that is not the software my company specifically makes but hey we get to say we're pentested when companies ask!!
|
# ? Jul 9, 2017 20:20 |
|
Rufus Ping posted:huh mine has the disable button but when i click it: yep this is what i get too
|
# ? Jul 9, 2017 20:20 |
|
what i'm saying is they're less than worthless, they're actively harmful because they convey a level of safety that's not there at all
|
# ? Jul 9, 2017 20:21 |
Shaggar posted:oh yeah then you'd be hosed. same as if you didn't copy down your recovery keys for a non-sms 2fa. altho depending on the account they probably have a way to remove the 2fa which is an easier target than your SMS was in the first place.
|
|
# ? Jul 9, 2017 20:24 |
|
communism bitch posted:Y'all sound so depressed and cynical about every method of protecting user data like login credentials. If 2fa using my phone isn't going to keep my neopets account safe what is? Depression and cynicism are requirements to be in infosec SMS 2fa is better than no 2fa, but it's not as good as other options and has some glaring weaknesses and security folks also generally like to hate on anything that's not perfect so Ed: also anyone gonna be in vegas this year? I'm skipping defcon prob but will be down for bsides and then at least til Friday for a work thing
|
# ? Jul 9, 2017 20:26 |
|
I'm not going this year
|
# ? Jul 9, 2017 20:31 |
|
pr0zac posted:SMS 2fa is better than no 2fa, but it's not as good as other options and has some glaring weaknesses and security folks also generally like to hate on anything that's not perfect so
|
# ? Jul 9, 2017 20:35 |
spankmeister posted:I'm not going this year may your kapsalons be especially tasty
|
|
# ? Jul 9, 2017 20:39 |
|
am I the only one who keeps the old phone and sets up the 2fa app on old and new at the same time in order to have a backup?
|
# ? Jul 9, 2017 23:24 |
|
Munkeymon posted:am I the only one who keeps the old phone and sets up the 2fa app on old and new at the same time in order to have a backup?
|
# ? Jul 9, 2017 23:48 |
|
just write all your 2fa codes in a notebook 000000 000001 000002 ... 999997 999998 999999
|
# ? Jul 10, 2017 00:51 |
|
get facebook to mail you a new one time pad every couple months (actually this wouldn't be a bad idea given presumed lower likelihood of mail getting snooped)
|
# ? Jul 10, 2017 00:55 |
|
instead of facebook try face to face book [dad laugh]
|
# ? Jul 10, 2017 00:57 |
|
anthonypants posted:statistically no, but you are doing a dumb thing feels safer than printing off the lockout code and keeping that around - at least the old phone is encrypted and password protected
|
# ? Jul 10, 2017 01:00 |
|
Munkeymon posted:feels safer than printing off the lockout code and keeping that around - at least the old phone is encrypted and password protected serious question: is your threat model "someone could break into my house and steal a piece of paper and then use it to post terrible things to my facebook account"
|
# ? Jul 10, 2017 01:04 |
|
ate all the Oreos posted:serious question: is your threat model "someone could break into my house and steal a piece of paper and then use it to post terrible things to my facebook account" i'm a privacy fundementalist, models want nothing to do with me
|
# ? Jul 10, 2017 01:08 |
|
ate all the Oreos posted:serious question: is your threat model "someone could break into my house and steal a piece of paper and then use it to post terrible things to my facebook account" burglary does happen but mainly I'd like to not have to punch in a fifty character alphanumeric code and leaving an old phone in a drawer is a way to get out of that hopefully
|
# ? Jul 10, 2017 02:29 |
|
i had to use an internet cafe today to do some work bullshit while on holiday and 1) holy poo poo internet cafes still exist 2) they give you local admin which was handy because i had to install java to get our garbage remote access software working* the guy next to me was trying to open some random file type and asked the staff about installing something and they went 'it's not a virus right?' and just did it *recently upgraded to use a java desktop app that has to be manually set up to point to the java exe and so breaks on every java version update because environment variables are hard
|
# ? Jul 10, 2017 04:11 |
|
Powerful Two-Hander posted:i had to use an internet cafe today to do some work bullshit while on holiday and 1) holy poo poo internet cafes still exist 2) they give you local admin which was handy because i had to install java to get our garbage remote access software working* lmao if your remote access software isn't vpn client + rdesktop/ssh
|
# ? Jul 10, 2017 04:21 |
|
RISCy Business posted:lmao if your remote access software isn't vpn client + rdesktop/ssh it uses the java app to launch a regular rdp session i don't even know what the gently caress edit: i guess the java app creates the vpn tunnel and they did it that way so that it could be used on macs as well. no idea what the inevitable linux users are supposed to do. Powerful Two-Hander fucked around with this message at 05:03 on Jul 10, 2017 |
# ? Jul 10, 2017 04:27 |
|
Powerful Two-Hander posted:it uses the java app to launch a regular rdp session i don't even know what the gently caress the most portable setup is a vpn client and your remote desktop client of choice namaste
|
# ? Jul 10, 2017 05:15 |
|
Powerful Two-Hander posted:i had to use an internet cafe today to do some work bullshit while on holiday and 1) holy poo poo internet cafes still exist 2) they give you local admin which was handy because i had to install java to get our garbage remote access software working* android studio loving does this and I had to write documentation to walk clients through how to handle this when setting up their android automation thing I wrote for them
|
# ? Jul 10, 2017 05:18 |
|
Powerful Two-Hander posted:i had to use an internet cafe today to do some work bullshit while on holiday and 1) holy poo poo internet cafes still exist 2) they give you local admin which was handy because i had to install java to get our garbage remote access software working* you used a public computer to connect to work resources?
|
# ? Jul 10, 2017 06:08 |
|
the secfuck is coming from inside the thread
|
# ? Jul 10, 2017 06:09 |
|
Lain Iwakura posted:you used a public computer to connect to work resources?
|
# ? Jul 10, 2017 06:13 |
|
|
# ? May 13, 2024 23:03 |
|
perhaps revenge for having to work on holiday
|
# ? Jul 10, 2017 06:14 |