this post was submitted on 21 Dec 2024
104 points (97.3% liked)

technology

23393 readers
142 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS
 

Installed Steam on a new computer. Signed in. It sent a passcode to my GMail. I signed into GMail. It wanted me to 2FA because I hadn't signed into Google on that device. It sent a notification to my phone, which I never received. I had it resend the notification twice, still nothing. Tried again with my phone's offline passcodes. Neither worked. Tried the QR code/Bluetooth connection, and that finally did it.

At least I got through in the end, but fuck, it's annoying.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] crime@hexbear.net 11 points 6 days ago* (last edited 6 days ago) (1 children)

it's part of my job to think about this for companies, and you'd think that would make me feel confident in my ability to create a robust backup system with failsafes for all of these logins. instead i'm hyper-aware of how screwed I'd be with loss of access to any given point of failure and constantly anxious about it, bc it takes a literal team of people to set up and maintain that sort of thing

twice as bad if you're concerned about data privacy or opsec. like sometimes the options are "give my phone number to some company i inherently don't trust" or "accept the risk that it will be impossible to recover this account if I lose access to my email address"

[โ€“] glans@hexbear.net 8 points 6 days ago

the problem is, and it seems like a legitimate problem, is that in this context a backup is also a back door.

I don't know how it is possible to have any amount of security without the possibility of being totally locked out in some situations. how can you assure that you can reset a password but prevent anyone else?

It seems intractable. Password managers have been available for a long time and if people haven't started using them yet en masse I see no reason to expect they might any time soon.