this post was submitted on 06 Dec 2023

151 points (96.9% liked)

[Outdated, please look at pinned post] Casual Conversation

6466 readers

1 users here now

Share a story, ask a question, or start a conversation about (almost) anything you desire. Maybe you'll make some friends in the process.

RULES

Be respectful: no harassment, hate speech, bigotry, and/or trolling
Encourage conversation in your post
Avoid controversial topics such as politics or societal debates
Keep it clean and SFW: No illegal content or anything gross and inappropriate
No solicitation such as ads, promotional content, spam, surveys etc.
Respect privacy: Don’t ask for or share any personal information

Related discussion-focused communities

founded 1 year ago

MODERATORS

Mysterious_Macaxeira@lemmy.world

shinigamiookamiryuu@lemm.ee

Bl4ze@lemmy.world

KaneLivesInDeath@lemmy.world

orangeNgreen@lemmy.world

neidu2@feddit.nl

151

Any company that still insists on forced password resets and frequent changes needs to learn about Social Engineering and Human Factors. (yiffit.net)

submitted 10 months ago by l_b_i@yiffit.net to c/casualconversation@lemmy.world

61 comments fedilink hide all child comments

These are the same companies that don't support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?

you are viewing a single comment's thread
view the rest of the comments

[–] Darkassassin07@lemmy.ca 1 points 10 months ago* (last edited 10 months ago)

I didn't either, so I self-host mine via vaultwarden. My passwords never leave my own systems (unless being used to login ofc), except for transit between my server and client devices. That is encrypted before storage or flight then wrapped in tls for https and again for a vpn connection (also self-hosted).