liaizon,
@liaizon@wake.st avatar

logging into things has become such a nightmare, why oh why did we popularize the notion that you need 2 computers to login to something? this is the extent that the capitalist mind worm has burrowed deep enough into programmers' subconscious

cryptix,
@cryptix@social.coop avatar

@liaizon I don’t like it either but expecting/teaching people to use proper passwords sadly also didn’t work out... SMS and EMail 2FA doesn’t cut it either.

liaizon,
@liaizon@wake.st avatar

@cryptix I do not think 2 factor (2 computers) is a solution at all.

bhaugen,
@bhaugen@social.coop avatar

@liaizon @cryptix
what if any solution do you prefer?

serapath,
@serapath@mastodon.gamedev.place avatar

@bhaugen @liaizon @cryptix

just use a seed phrase like in true peer to peer systems.

keet uses 24 words and is a p2p messenger app. wallets use the same approach.

any p2p social network could do it as well and they exist for a long time, longer than mastodon and the fediverse.

mastodon was initially released 2016

By that time ssb and dat and others existed already and so did wallets

liaizon,
@liaizon@wake.st avatar

@serapath @bhaugen @cryptix this is also a HORRIBLE solution, devs: please don't do this. people have trouble with remembering passwords already, expecting people to remember a sentence worth of words is badddd

bhaugen,
@bhaugen@social.coop avatar

@liaizon @serapath @cryptix
Between a long string of random characters including random numbers and symbols, and a sentence with some meaning, I think I could remember the sentence (or even a sequence of words) better. No?

fleeky,
@fleeky@prsm.space avatar

@bhaugen @liaizon @serapath @cryptix you can also generate a QR code from the hash?

Also you can write those words down and put them in a safe, or you can gpg encrypt a txt file and then rsync it to your friends' devices or even use a hyperdrive or ipfs to back up to multiple devices?

liaizon,
@liaizon@wake.st avatar

@fleeky @bhaugen @serapath @cryptix you are all responding with "tech answers" this is not a solution. non nerds are not going to understand gpg, ipfs, rsync, the hash etc.

this is my point exactly. stop thinking of solutions for tech people. this makes all this shit not approachable to the VAST majority of humans on earth

serapath,
@serapath@mastodon.gamedev.place avatar

@liaizon @bhaugen @cryptix

i don't think words are so bad.
words are much safer and easier to remember than cryptic passwords like "!1fgUKhmmp3"

or some make "fooboo123@facebook111"

people tend to forget them as well.
people did manage to memorize poems in school with many more words than just 12 or 24.

also, you have cryptographic techniques like "Shamir's secret" and dark crystal is an ssb project which tried it in practice.

which means, if you have enough friends or an institution ...

serapath,
@serapath@mastodon.gamedev.place avatar

@liaizon @bhaugen @cryptix

you could shard your key and give them, app supported, to your friends or trusted folks.

when you lose or forget your keys, you can restore them by asking M of N of your trusted peers to help restore it.

lastly, if you don't trust anyone, ...give your shards or the whole keypair to your bank or google, then you don't have it worse than now

liaizon,
@liaizon@wake.st avatar

@serapath @bhaugen @cryptix I think a good user interface on top of this type of system is indeed the best way forward

dantescanline,
@dantescanline@autonomous.zone avatar

@liaizon i wonder how bad security is getting actually? like these companies go and add 2 factor for some reason. but that reason could be: 'other companies in the industry are doing it, and our regular security sucks so we should do this to fix our security'? or is actually motivated by some real metric that an exec can understand and make a decision about?

liaizon,
@liaizon@wake.st avatar

@dantescanline I mean security is a fucking shit show. look at who is getting million+ data leaks on the regular, it doesn't even make news anymore

mariusor,
@mariusor@metalhead.club avatar

@liaizon if you want I have a spare yubikey with NFC that you can enroll for 2FA. I haven't tested it if it works on mobile though.

mariusor,
@mariusor@metalhead.club avatar

@liaizon dunno if it qualifies as "not a second computer" though. :D

liaizon,
@liaizon@wake.st avatar

@mariusor I think it does! but also I would totally take you up on that offer!
