Conversation:
Notices
-
Via Boogie: "Up until that point I thought I was entirely secure. I changed my passwords frequently and they were always 16–20 letters and numbers with special characters. I never used a password a second time. I even used two step authentication to basically turn my cell phone into an authentication key. Not only did these steps fail to prevent me from being hacked…
-
@verius 2FA the ideal is fine.
2FA the phone number thing is shit. And it's designed that way for a reason - ask yourself, why do so many entities that participate in tracking systems keep trying to tell you that this is secure and you should totally do it?
-
@verius To me it's an instance of something that has security implications being hijacked by the mainstream corporations into something used to control and have surveillance on user actions.
-
@verius I happen to know of more than one game that has sold location data from where people were using authenticators from. I know of a couple that have made the news by having the authenticator application track you even when closed.
I trust them even less than rms does
-
@verius There's actually a common open source app most of them use that IS clean that I look for in them though I don't remember the name of it. Pretty much every proprietary alternative to it exists as surveillance.
-
@archaeme @verius Steam Guard's 2FA was and is an explicit grab for phone numbers to sell. There's been several reports confirming that as soon as people used it with burner numbers they started getting telemarketing calls.
-
@archaeme @verius I've said it time and time again - 2FA, even in its ideal, doesn't protect you from account compromises that happen as a result of sloppy server security.
The client can be armed to the teeth, connected to mains electricity, and rigged to explode if tampered with, it doesn't matter, if the server has a revolving door.
-
@verius @archaeme No, it's forced in the EU too, though I'm not sure if they've sold EU numbers. They got fined a not insignificant amount of money recently by the Competition Bureau here in Canada for an omnibus of complaints, of which this was one. Surprised the gaming news wasn't all over that, but Valve does have a lot of money to make things go away, and the gaming press is very corruptible.
-
@verius @archaeme I say "forced" because while the actual imposition of Steam Guard is "optional" they exert such restrictive digital restrictions on both games, and your account, if you do not have Steam Guard, that you are coerced into doing so. If you have to do something to operate basic functions of an application, then that something is not "optional".
-
@verius @archaeme Every time a company responds to a server breach by imposing two-factor authentication I identify another company that either doesn't understand security - or usually much more likely - thinks we're idiots.
-
@archaeme @verius The current trend seems to be biometric security, which is a bad, bad idea for many reasons in many applications where it is used.
-
@verius @archaeme rms had a good write-up on the reasons why somewheres on his gargantuan personal website.
-
@purplehippo @verius @archaeme Actually the big restriction is family sharing. In many regions you literally cannot use that feature if you don't have Steam Guard. I have a feeling that they carefully chose the regions they felt they could skirt the consumer protection laws thereof in this regard.