Settings and activity
3 results found
-
343 votes
An error occurred while saving the comment An error occurred while saving the comment 
darq_bot_
commented
The whole 2FA thing is nonsensical to begin with.
I've used the Internet since 1995. I don't have 2FA anywhere.
I have not once had any of my accounts compromised.Why does creating an app aka oauth client require a phone number? You already have my email, you see me stream, Why do I need a phone number? What when I lose the phone or change the phone number?
Don't require 2FA.
darq_bot_
supported this idea
·
-
18 votes
An error occurred while saving the comment darq_bot_
commented
100% this. It's annyoing and doesn't add any protection. All it does is annoy people.
darq_bot_
supported this idea
·
-
1,207 votes
An error occurred while saving the comment darq_bot_
commented
I agree. I was trying to write a Twitch chat bot, but now I need to give away my phone number to set up 2FA. This will not happen. As a result Twitch is more unattractive. My channel will remain plain without any advantages or custom chat functionality. It will not be able to separate itself from other channels, to stand out.
Youtube is a more interesting platform for streaming because of that.
darq_bot_
supported this idea
·
@boosted_n I don't need to do research on things I know. It's you who should stop spreading FUD.
None of the services you mentioned *REQUIRE* 2FA, except Google.
I've been and still am a self employed developer. Systems and web also server administration. I've also been on the other side of things.
I don't use 2FA unless I'm forced to. Twitch thought it could force me to give them my phone number via 2FA a few years ago by requiring it for streaming and I stopped using it because of that. I've only recently picked it up again because the Twitch app was installed on my Android TV. I couldn't believe that people would donate money or subscribe to people essentially just streaming their life, called IRL streams. So I started watching to see how they do it. I thought, I can do that too, but I don't won't to use other people's infrastructure or services, I want to be independent, so I decided to start small and write a chat bot for starters.
I couldn't because, holy ****, Amazon wants my phone number if I want to get a Twitch oauth2 client_id.
So I came here to write this.
SWTOR forces me to do an email verification every time my ISP changes.
Twitch does that too. It's even more aggressive than EA in that regard. Every new incognito window requires email verification.
LinkedIn aka Microsoft does it.
Google does it via the phone's OTP. If Google didn't pay my check I would've removed it completely from my life.
I don't play SWTOR anymore because the 2FA annoys me.
I have had the same online banking password since the 1st time I set it in 2004, no 2FA. Never compromised.
For each new service I use I create a new password at least 16 chars long ( pwgen -s -1 -y 16), often 32 depending on the importance of the service.
I'm aware the US government has access to those passwords via Google. I see Google as the long arm of the US government. Their analytics helping to track people as they navigate the web.
I use Epic Games without 2FA, same for Steam. And for the record without installing Epic Game Services, even if they managed to trick me once to install it against my will.
My Nvidia drivers I clean them manually from telemetry and similar spyware as best I can.
However I don't use Windows to code.
The important stuff is under Linux, and the really important stuff is offline. I don't even use disk encryption.
Please don't tell me to do some research, that's akin to calling me dumb.
My track record speaks for myself.
I know that I'm not a high value target. But I will always speak my mind, even if that means I get banned from communities.
So please stop spreading FUD and disinformation. 2FA doesn't mean that sign in requests are logged.
I get that it can act as an means of protecting one's account, but in reality it's phising by those services under the false framing of improved security.
I also get that people are stupid and dumb and mistakes happen. I was doing a coding stream today and stupid me clicked on a file with this account's credentials. They were visible for a split second. I immediately stopped the stream and deleted the VOD. Because I didn't want to deal with restoring an account bound to my main email address.
Requiring 2FA for a bot is overkill and I repeat myself it's mainly used by companies to phish data about their users. Just like those security questions, the name of my 1st dog etc, are.
Just don't be stupid. That will handle 99% of all cases. If someone really wants to target you, especially government, which is rather unlikely, unless you pose an existential threat to them, they will get your data. 2FA or no 2FA.
But assuming non-governmental threat actors 2FA helps there. However it has its negative effects and its not a surefire way to protect your account.
I repeat, what if you lose the phone or change the number.
I had that happen in the case of my Amazon credit card, the number changed and just when I needed the CC service I couldn't use it because of ******* stupid booksmart people like you who drank the Kool aid and regurgitate FUD.
Have 2FA for all I care as long as it's optional.
I don't want to search for my phone every time I log in somewhere or do whatever action. Bad enough that the bank requires it from me since PSD2. And it does so because they want to enable financial products like account information services and account middleman services, which both require a yearly certificate purchase, effectively increasing earnings of those corrupt government institutions.
In any case, I digress.
I don't need to do research, I'm speaking for myself. Since 1995 not a single compromised account. I don't need yubikey or 2FA. All it does is make my life more complicated without benefit.
Amazon will not get my phone number. If they force me, I'll stop using their services. Just like now, I won't work on my Twitch chat bot and switch to YouTube, where they don't want my phone number if I want to create an oauth2