=== ANCHOR POEM === ═════════════════════════════════════════════════────────────────────────────────── 2 factor authentication is not for security. If they cared about security they would use SSH keys. 2FA is so that your email provider knows whenever you log in somewhere. Most people use gmail. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════════─────────────────────────────────┘ === SIMILARITY RANKED === --- #1 fediverse/874 --- ══════════════════════════════════════════════───────────────────────────────────── oh yeah well if SSH keys are so secure then why doesn't every website on Earth require them really though why doesn't every website on Earth require them ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════────────────────────────────────────┘ --- #2 fediverse/1310 --- ════════════════════════════════════════════════─────────────────────────────────── that feeling when you type your password so fast that one hand is faster than the other and the letters get all jumbled and now you have to remake your ssh key -.- ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════──────────────────────────────────┘ --- #3 fediverse/1482 --- ════════════════════════════════════════════════─────────────────────────────────── @user-192 I feel like SSH keys to log into every website should be a standard or something similar ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════──────────────────────────────────┘ --- #4 fediverse/3469 --- ════════════════════════════════════════════════════════─────────────────────────── you know how SSH password login is deprecated because the password needs to be transmitted in cleartext or whatever? what if we just... required two passwords? the first initiates the conversation, and sets up an encrypted line. It doesn't matter if anyone sees the first password because they'll get a new set of encrypted keys, meaning each session automatically is encrypted in a different, randomized way. the second password is the one that actually authenticates you. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #5 fediverse/3471 --- ════════════════════════════════════════════════════════─────────────────────────── @user-883 it might be, I don't know much about it (hence why I'm asking questions) but I have heard that ssh keys are more secure than password authentication and it never made sense to me. If availability is important for security purposes, then wouldn't SSH keys (which are much more difficult to carry around than a password) be less suitable? ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #6 fediverse/3470 --- ════════════════════════════════════════════════════════─────────────────────────── alternatively, when you initiate an SSH session it sends you a randomized public key whose private key is the password that you need to login. By decrypting the string of text it sent you and sending it back (plus the password at the end or whatever) you can ensure secure authentication without bothering with the passwordless keys which are wayyyyyy more trouble than they're worth and lack the "something you know" authentication method. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #7 fediverse/797 --- ══════════════════════════════════════════════───────────────────────────────────── irc is bloat use ssh + write to chat with your friends instead ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════────────────────────────────────────┘ --- #8 notes/environment-variables --- ═══════──────────────────────────────────────────────────────────────────────────── To edit environment variables: ~/.bashrc is for variables only accessible by the user. /etc/profile is for variables accessible by all users. /etc/environment is for variables accessible by anyone. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘══════───┴╧───────────────────────────────────────────────────────────────────────────┘ --- #9 fediverse/2622 --- ══════════════════════════════════════════════════════───────────────────────────── what kind of linux user are you if you don't even like reading terminal output? it's USEFUL and INTERESTING information! WHY ELSE WOULD THE PROGRAMMER OUTPUT IT??? ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════════════────────────────────────────┘ --- #10 fediverse_boost/5147 --- ◀─╔═══════════════════════════[BOOST]═════════════════════════════───────────────╗ ║ ┌────────────────────────────────────────────────────────────────────────────┐ ║ ║ │ Need that E2EE fedi right now │ ║ ║ │ │ ║ ║ │ i'd be at least 70% more feral │ ║ ║ │ │ ║ ║ │ and feel cozier opening up and sharing │ ║ ║ └────────────────────────────────────────────────────────────────────────────┘ ║ ╠─────────┐ ┌───────────╣ ║ similar │ chronological │ different ║ ╚═════════╧═════════════════════════════════════════════════════───────┴───────╝─▶ --- #11 fediverse/3407 --- ════════════════════════════════════════════════════════─────────────────────────── @user-1218 there's only a password so that if the zip archive is displaced from it's context it's harder to read. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #12 fediverse/2252 --- ══════════════════════════════════════════════════════───────────────────────────── ┌──────────────────────┐ │ CW: tech-encryption │ └──────────────────────┘ users don't want to have to think about encryption keys. they should be available for them if they need them, in like... a folder or something somewhere, but they don't need to really know that they exist. more friction like that keeps people away from being secure. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════════════────────────────────────────┘ --- #13 fediverse/5355 --- ═════════════════════════════════════════════════════════════════════────────────── "that email address is already taken, please sign in instead" >. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════════════════════════════─────────────┘ --- #14 fediverse/664 --- ═════════════════════════════════════════════────────────────────────────────────── @user-482 [secretly installs a keylogger and doesn't tell anyone upstream but still pushes it to production] [or worse, was told to do as such and given tools to fabricate "evidence" to the contrary to everyone else on the team] ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════─────────────────────────────────────┘ --- #15 fediverse/1359 --- ════════════════════════════════════════════════─────────────────────────────────── normalize making a new account when you forget your password instead of changing it because once changed there's no way to verify the authenticity of the user aside from trusting an outside source like an email provider which by the way is basically skywriting ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════──────────────────────────────────┘ --- #16 fediverse_boost/6017 --- ◀─╔═══════════════════════════════[BOOST]════════════════════════════════────────╗ ║ ┌────────────────────────────────────────────────────────────────────────────┐ ║ ║ │ Linux admins when they have to use Windows: :/ │ ║ ║ │ │ ║ ║ │ Windows admins when they have to use Linux: :\ │ ║ ║ └────────────────────────────────────────────────────────────────────────────┘ ║ ╠─────────┐ ┌───────────╣ ║ similar │ chronological │ different ║ ╚═════════╧════════════════════════════════════════════════════════════┴───────╝─▶ --- #17 fediverse/5390 --- ══════════════════════════════════════════════════════════════════════───────────── ext4 is not an encryption scheme, even though it seems that way to windows users. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════════════════════════════────────────┘ --- #18 fediverse/102 --- ══════════════════════════════════════════───────────────────────────────────────── @user-5 why not just use a keyboard? 🙃 ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════────────────────────────────────────────┘ --- #19 fediverse/4093 --- ═══════════════════════════════════════════════════════════──────────────────────── I have no idea why people prefer a GUI when working with software. How the heck do they expect to use their computer remotely if they can't even run their software over SSH? ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧════════════════════════════════════════════════════───────────────────────┘ --- #20 fediverse/3668 --- ════════════════════════════════════════════════════════─────────────────────────── setting up an SSH server is like a rite of passage for Linux administrators (notice I didn't say users, you can't use linux, only administer it) ... I'm having trouble with my rites >.> ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ |