Settings and activity
10 results found
-
9,053 votes
darknase supported this idea ·
-
1,069 votes
darknase supported this idea ·
-
471 votes
darknase supported this idea ·
-
4,269 votes
darknase supported this idea ·
-
111 votes
darknase supported this idea ·
-
3,396 votes
darknase commented: As the OP says: It's from a PG movie. It's one of the most used emotes, and it's used - 'cause of the removal that happens - in many communities in their off-Twitch solutions like Discord, where they're still used.
It's incomprehensible to me that this PG thing would be a problem.
darknase supported this idea ·
-
29 votes
darknase supported this idea ·
-
466 votes
darknase commented: Broken alert system. Top priority fix!
darknase supported this idea ·
-
2,188 votes
darknase commented: Adding "a break out" that just says "Ads & Turbo" is not a break out. We expect better, Twitch.
darknase supported this idea ·
-
1,137 votes
darknase commented: Giving out a phone number to get 2FA (or in general) is a no-no.
Aside from that, SMS-TAN has been considered broken since at least 2016 by NIST [1], going back to 2005 [2].
to [1]:
"Due to the risk that SMS messages may be intercepted or redirected, implementers of new systems SHOULD carefully consider alternative authenticators. If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service."
It's a GDPR privacy concern, you DO NOT NEED to know a phone number to authenticate a person.
You already have a way to communicate: send a one-time code via eMail. But even that isn't required, because setting up the 2FA is easily done via a scannable QR code that's issued for the user once - i.e. changes on repeat - when the user enables the 2FA on a dedicated - i.e. not constant part of the user profile - page.
You don't like the eMail OTP solution because of interception or plain text? Well, then set up a public PGP key dedicated to the 2FA setup, freely available on your site and on a PGP key server. You can still do a challenge-answer implementation before accepting the user's public key into your system.
[1] https://pages.nist.gov/800-63-3/sp800-63b.html
[2] https://www.schneier.com/crypto-gram/archives/2005/0515.html#16
"Comments from Readers" - "Subject: Two-Channel Authentication with Cell Phones and SMS"
darknase supported this idea ·
What else is there to say? - Emote, please. Thank you!
Tbh the community Thor has built is amazing and he touched many of us, sparking and/or reinvigorating inspiration, try something new, continue what was buried and almost forgotten. Very few communities share such passion.
Honored to be a part of it. Thank you Thor.