|
passwords on websites are loving bullshit. your browser connects with an SSL link, and then it’s like, one more thing, give me a text string so i know it’s really you. i know like 3 passwords now, the one that unlocks my computer, the one that unlocks my password manager, and maybe another one, i forget. all of my passwords are like 30 character random strings with punctuation and everything. basically untypeable by humans, you can only copy and paste them. so let’s stop pretending like passwords are a thing people can remember. nothing you remember is secure. there are better ways to do it, like ssh does with ssh keys. with ssh, any machine you add your public key to can authenticate you. no password needed. why isn’t my browser doing this? creating an account? great. generate a public-private key pair for the site, send the public key to the site, stash the private one in my keychain. done. never ask me for a password again, just authenticate me automatically. get on it, browser dipshits. there’s only one browser now, webkit, so fix it in that and make it work for everyone.
|
#
?
May 30, 2020 12:54
|
|
|
|
| # ? May 3, 2024 16:50 |
|
|
I especially enjoy making secure passwords for sites that then tell me it only accepts alphanumeric and don’t get me started on websites that forget you after you specifically clicked don’t forget that night we went to the carlton and I hosed you at your dads place this drat website might be the only website in the world that respects this
|
|
#
?
May 30, 2020 13:03
|
|
|
The worst is when they double down and keep nagging for a phone number for 2FA every-time you log in. Yeah cheers, let me tie my my credentials to a tiny card the size of my pinky nail stored in one of the most easily lost/stolen personal devices.
|
|
#
?
May 30, 2020 14:02
|
|
|
that's actually a pretty good point op.
|
|
#
?
May 30, 2020 14:19
|
|
|
i just use the same password for everything op
|
|
#
?
May 30, 2020 14:29
|
|
|
fart simpson posted:i just use the same password for everything op
|
|
#
?
May 30, 2020 15:00
|
|
|
oh no someone might hack the yahoo email i use for throwaway accounts and get access to the car forum i posted on twice in 2007
|
|
#
?
May 30, 2020 15:02
|
|
|
i use lastpass op. paid money for it and everything. real USD
|
|
#
?
May 30, 2020 15:04
|
|
|
buddy, they wont even let me gently caress the web passwords
|
|
#
?
May 30, 2020 17:00
|
|
|
my voice is my password
|
|
#
?
May 30, 2020 17:50
|
|
|
my face is my password. unfortunate that my device needs to accept it
|
|
#
?
May 30, 2020 18:43
|
|
|
The little biryani shop in my building has an online ordering tool with no passwords. If you aren't already signed in to make an order it, you enter your email and it sends you a text message with a one-time, 5-digit code. Put in that code and it logs you into your account to order.
|
|
#
?
May 30, 2020 18:54
|
|
|
The Management posted:there’s only one browser now, webkit it's loving weird that every modern browser except firefox is descended from a fork of konquerer
|
|
#
?
May 30, 2020 19:10
|
|
|
i hate sites that dont tell you the maximum password length, or have a dumb max lentgth that is way too short like 20 let me set a 1024 or 4096 character password damnit sure i know there should be a limit of some sort so you arent hashing a gigabyte for the first round of a kdf (allowing a DoS attack) but make the limit like 2^16 or something also DuckConference posted:it's loving weird that every modern browser except firefox is descended from a fork of konquerer
|
|
#
?
May 30, 2020 19:22
|
|
|
The Management posted:my voice is my password my bank does this and i've been meaning to tell them to turn it off cause there are recordings of me giving conference talks and stuff and i don’t really trust it to be secure at all
|
|
#
?
May 30, 2020 19:45
|
|
|
Pardot posted:my bank does this and i've been meaning to tell them to turn it off cause there are recordings of me giving conference talks and stuff and i don’t really trust it to be secure at all glad i'm not the only one that thinks this way my boss keeps asking to post recordings of me on the web and thinks i'm ridiculous for saying no.
|
|
#
?
May 30, 2020 19:52
|
|
|
Kerberos exists, OP. Webdevs just have purposefully ignored all technology predating them. In our internal network a lot of services know what a Kerberos is and log you in automatically. Problem: You can't log off anymore. Not that that's a problem of course. Nobody ever logs off.
|
|
#
?
May 30, 2020 20:02
|
|
|
i will never log off
|
|
#
?
May 30, 2020 20:12
|
|
|
chrome already has webauthn op but i think the persona style authentication had promise too
|
|
#
?
May 30, 2020 20:54
|
|
|
The Management posted:my voice is my password same, but my fart
|
|
#
?
May 30, 2020 21:09
|
|
|
Good Sphere posted:my face is unfortunate
|
|
#
?
May 30, 2020 21:19
|
|
|
it’s so good when you have backup questions but you can only choose from a couple questions like : name of a friend last time you were cool last time someone else showed you respect last time you ate a vegetable that you cooked for yourself and other questions that are mostly based around figments in your imagination
|
|
#
?
May 30, 2020 22:14
|
|
|
I just write my passwords on the back of my keyboard in sharpie
|
|
#
?
May 30, 2020 22:28
|
|
|
The browser literally can do all that poo poo too, client certificates are a thing that works and also can have a password to unlock which makes them effectively two-factor (the cert and the password) and conceptually usable for multiple sites without cross-exposure like you get with memorized passwords. It's just that the only two things ever to have used client certificates are the Australian government for paying taxes online, and cacert.org
|
|
#
?
May 30, 2020 23:09
|
|
|
I like giving my complete history to every website so they can know I'm me if I forget my password and presumably so they can open bank accounts in my name.
|
|
#
?
May 31, 2020 22:10
|
|
|
Antigravitas posted:You can't log off anymore. Not that that's a problem of course. Nobody ever logs off. as an opener to a cyberpunk novel i'd be like 'this is going to be not great, but in ways i like'
|
|
#
?
Jun 1, 2020 12:07
|
|
|
I worked at exactly one place with a full PKI and client certs, not having to log into a ton of bullshit manually was awesome.
|
|
#
?
Jun 1, 2020 16:21
|
|
|
if i could skip logins and use SSL client certs where I just give them a specific public key I want to have trusted (instead of them trusting the subject and x509 chain) and skip password auth I would love it. Especially since my yubikey lets me do just that. Too bad browser support is trash, and most web "developers" cant even get basic auth right, so I don't have high hopes.
|
|
#
?
Jun 1, 2020 17:46
|
|
|
Hed posted:I worked at exactly one place with a full PKI and client certs, not having to log into a ton of bullshit manually was awesome.
|
|
#
?
Jun 2, 2020 03:31
|
|
|
more like rear end turd
|
|
#
?
Jun 2, 2020 03:36
|
|
|
just use Sign in with Apple, op.
|
|
#
?
Jun 2, 2020 03:39
|
|
|
FlacidB0n3R42069
|
|
#
?
Jun 2, 2020 07:01
|
|
|
dude your already logged in!
|
|
#
?
Jun 2, 2020 07:02
|
|
|
Pinterest Mom posted:just use Sign in with Apple, op. worth it just for the convenience of being able to login as anyone you want
|
|
#
?
Jun 2, 2020 07:04
|
|
|
Pinterest Mom posted:just use Sign in with Apple, op. my spirit is ready op, but I’ve yet to encounter anything that had an option to do that. also sign in with apple still uses passwords so gently caress that. they could have done this right
|
|
#
?
Jun 2, 2020 17:48
|
|
|
I'm reluctant to get a new phone because I'll have to transfer or set up 2FA on the new phone and transfer poo poo and I can't be bothered to think about it
|
|
#
?
Jun 3, 2020 12:57
|
|
|
President Beep posted:more like rear end turd
|
|
#
?
Jun 3, 2020 13:53
|
|
|
Remember when your somethingawful password was the most secure one you had?
|
|
#
?
Jun 3, 2020 17:09
|
|
|
somehow this tyre fire of a forum is literally the only site on the internet that doesn't randomly log me out for no reason.
|
|
#
?
Jun 3, 2020 20:46
|
|
|
|
| # ? May 3, 2024 16:50 |
|
|
Sweevo posted:somehow this tyre fire of a forum is literally the only site on the internet that doesn't randomly log me out for no reason. the magic of never changing anything
|
|
#
?
Jun 3, 2020 23:36
|
|