this post was submitted on 03 Apr 2024
916 points (96.2% liked)
Mildly Infuriating
35493 readers
326 users here now
Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.
I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!
It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means: -No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. Content should match the theme of this community.
-Content should be Mildly infuriating.
-At this time we permit content that is infuriating until an infuriating community is made available.
...
8. Reposting of Reddit content is permitted, try to credit the OC.
-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.
...
...
Also check out:
Partnered Communities:
Reach out to LillianVS for inclusion on the sidebar.
All communities included on the sidebar are to be made in compliance with the instance rules.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Sorry, as IT person I have to disagree, app based MFA is just way much easier to maintain instead of HW keys.
Edit: forgot to mention that in Finland companies here has to provide phone if your work require that. In IT I don't want nothing to do with users personal devices, and it sounds insane to me that in US companies force apps to your personal devices.
If you want to install software on my personal device with elevated privileges then I'll just use a different service than your shitty low effort maintained trash.
Company device of course. Like mentioned, in IT, I want nothing to do with users personal phones
Oh hell yeah, then. At that point it's just the company making their own apps to install on their own stuff, the way it should be.
I've had this argument with different people when asking for a hardware token vs app only two factor.
I'm not installing a proprietary app on my personal device. I'll use a open standard, I'll use a light weight hardware token. I'm not going to run a invasive binary black box for push authentication 24/7 on my personal device.
At this point everyone has extra phones that don't get security updates. I just used a old phone installed the app on that phone, and left it in my desk... It's kind of a terrible security dongle at this point.
Has to be company phone of course. In IT I don't want nothing to do with your personal device.
Here in Finland it is normal (or even required) that company provides you phone and subscription if your work needs that.
Re-writing a 6-digit code is easier than tapping a USB device?
They're talking about operationally. They don't want to configure and distribute a bajillion dongles to users.
Yup
Often times, yes. I don't want to always have to have a USB key on me, but I always have access to MFA apps via my phone, watch, or laptop. I have no idea why you're typing the code out instead of copying and pasting.
Open an app, find the one number for your specific app among the bajillion you have, oh the timer is almost out and you forgot halfway through, tap back in the app, oh the fucking app scroll all the way to the top again.
Open app via sidebar, search for website in search box, enter number once because I'm not super fucking slow at typing
Pretty sure he's talking about mfa that just asks for confirmation whether that's you logging in on the phone. No typing required.
App-based TOTP are not phishing resistant and do not require any level of proximity to the login session. The future is more likely passkeys that use device TPMs.
Simple challenge number handles that, for example Azure AD MFA forces that today
Those are better, but are also not phishing resistant.