this post was submitted on 17 May 2025
467 points (95.2% liked)

Technology Memes

445 readers
1 users here now

Welcome to Technology Memes. Here you can make memes and/or rant about technology, internet, computers, corporations, enshittification and etc.

Rules:

  1. Stay on-topic.
  2. Don't attack and harras anyone. Be nice.
  3. No racism and discrimination.
  4. No politics unless they're related to tech.
  5. No spam, no ads.
  6. No NSFW.
  7. Don't repost.

Please report any posts and comments that violate these rules.

Related communities:

founded 7 months ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] ininewcrow@lemmy.ca 67 points 1 month ago

You'll lose many more years if your accounts with sensitive content ever get compromised.

[–] BassTurd@lemmy.world 32 points 1 month ago (9 children)

Every time I read comments on posts like these, it reaffirms to me how the average person does not give a shit about real security or is completely ignorant to how and why these extra safeguards are used. Lemmy, I would assume, has a higher than average tech knowledge amongst it's user base vs many other platforms, but the sentiment often that of, MFA and needing to login to a bunch of separate applications is too much work and the people that designed them don't know what they're doing. It's a bit disheartening.

[–] lightsblinken@lemmy.world 26 points 1 month ago* (last edited 1 month ago)

nah, you can care about security and also lose hours on MFA. for global enterprise, the overall user experience is far from optimal imho.

[–] RandoMcRanderton@lemmy.world 14 points 1 month ago (2 children)

GoDaddy sends a confirmation email for updating DNS. It does not ever arrive faster than 10 minutes from the time they claim they will send it, and sometimes it takes up to 15 minutes. The code expires in 20 minutes, so if you switch focus to something else in the mean time and miss the email and the code times out, you have to send another one and just sit there staring at the email inbox. I have lost hours of my life to GoDaddy MFA. Not all MFA is stupid, but their implementation is amazingly stupid.

[–] jbk@discuss.tchncs.de 11 points 1 month ago

Another bigass reason why godaddy sucks lol

[–] BassTurd@lemmy.world 5 points 1 month ago

Yes, I can't defend dog shit implementation. There are enough authenticator apps available that anyone reputable should use one instead of the less secure email or SMS.

[–] Pulptastic@midwest.social 8 points 1 month ago (2 children)

Do I really need TFA for social media? Or a forum? News sites? Fucking weather? Financial logins I get, but every single site requiring it is a cumulative time and hassle burden that is not worth it.

[–] BassTurd@lemmy.world 4 points 1 month ago

I would say anytime where someone can impersonate you or make purchases as you deserves MFA. That's my risk tolerance, but it can differ obviously. I just feel that threshold is too low for a lot of people.

[–] AtariDump@lemmy.world 1 points 1 month ago* (last edited 1 month ago)

…for social media?

Where someone can impersonal you and scam people out of money? Yes. 2FA.

…Fucking weather?

I mean, I’m not here to kink shame but, probably? I’m partially wondering now what weather looks like when it fucks. Like a tornado in a sinkhole?

…every single site requiring it is a cumulative time and hassle burden that is not worth it.

It wouldn’t be necessary IF:

  1. People chose decent passwords that were different for every login
  2. Website security was taken seriously by anyone who has a login.
[–] LaLuzDelSol@lemmy.world 2 points 1 month ago

At work I need multifactor for everything, but... ITS ALL THE SAME MICROSOFT ACCOUNT. We have SSO, but every single stupid webpage needs me to sign in separately with 2FA and forgets about me hours later. It's needlessly tedious.

load more comments (5 replies)
[–] neatchee@lemmy.world 24 points 1 month ago (17 children)

A minor annoyance now to avoid a major headache later. Worth the trade

load more comments (17 replies)
[–] GreenKnight23@lemmy.world 19 points 1 month ago (4 children)

got hired by a new company. every fucking day I have to MFA to use the VPN. then I have to MFA to sign into email. Then MFA into tickets. MFA into confluence. MFA into git.

and then I have to do it all over again 4 hours later after lunch.

[–] Evotech@lemmy.world 3 points 1 month ago (1 children)
[–] GreenKnight23@lemmy.world 2 points 1 month ago (1 children)

mid-size enterprise. my team has gone through 5 managers in 12 months.

they can't even with SSO right now lol

[–] Evotech@lemmy.world 2 points 1 month ago

It’s relatable

[–] rumba@lemmy.zip 2 points 1 month ago

I've had good luck with bitwarden. It copies autofills the username and password, then once you submit, it copies the 2fa to your clipboard.

of course, it's a pro feature, so you'd either pony up or host vaultwarden assuming you can even install the plugin on your PC.

[–] ArtVandelay@lemmy.world 2 points 1 month ago (1 children)

Same, but also add MFA to log into laptop.

load more comments (1 replies)
[–] serenissi@lemmy.world 1 points 1 month ago

Why not HSM?

[–] But_my_mom_says_im_cool@lemmy.world 17 points 1 month ago (1 children)

Oh you know your password? Fuck you. We’re sending an email to your second account and to verify that one we will text you.

[–] thermal_shock@lemmy.world 7 points 1 month ago* (last edited 1 month ago)

Let's say your account is logged into from 1000 miles away, wouldn't you want that account or device, whether it was you or an attacker, to prove itself?

In most cases, if you've logged in on a specific browser/device/account, unless you've cleared cookies, it doesn't constantly ask for MFA. but in my example above, a new IP, new device, or app, it should absolutely go "whoa, wtf is this" and make you verify.

[–] AFKBRBChocolate@lemmy.world 12 points 1 month ago

Well, maybe. You said years plural, so let's take just two years. 2 years * 365 days a year * 24 hours a day * 60 minutes an hour is 1,051,200 minutes in two years.

Let's say that every time you use 2FA it's an extra 2 minutes. How many times a day do you use 2FA? That's probably the biggest variable. For some people it's a couple times a week, for others it's several times a day. Let's say 5 times a day. We also need to know how long you've been using 2FA. That's going to be another big variable. Does 5 years seem reasonable? If so, 5 years * 5 times a day * 365 days a year * 2 minutes each time = 18,250 minutes wasted on 2FA.

That's a small fraction of the million minutes in two years, but it could change a lot depending on some of the variables.

But on the other side, if even one time the 2FA stopped you getting your account hacked, the calculation would change a lot.

[–] toy_boat_toy_boat@lemmy.world 8 points 1 month ago (1 children)

lost your password? time for a scavenger hunt!

[–] 2ndSkin@sh.itjust.works 7 points 1 month ago (1 children)

What was the colour of your childhood best friend's hero's first car?

[–] Albbi@lemmy.ca 3 points 1 month ago

Blue! No, yellooooooooowwwwwwwww...

[–] count_dongulus@lemmy.world 8 points 1 month ago (2 children)
[–] paraphrand@lemmy.world 6 points 1 month ago (1 children)
[–] rimu@piefed.social 5 points 1 month ago (1 children)

I saw your comment earlier today and thought "heh ok, challenge accepted."

https://piefed.social/post/762082

[–] paraphrand@lemmy.world 2 points 1 month ago
[–] lightsblinken@lemmy.world 1 points 1 month ago

i like the idea if username/password with optional passkey as secondary ... ie "something i can keep in my brain" mixed with "something a compute device can do"

having only a passkey doesn't feel like it aligns to a "defense in depth" approach, which we've learned many times over is critical to surviving a single oopsy. someone gets access to your passkey manager (eg phone) then you're fucked.

i'd like layers please!

[–] miss_demeanour@lemmy.dbzer0.com 7 points 1 month ago* (last edited 1 month ago) (1 children)

The MFAs using an authenticator are torture.

load more comments (1 replies)
[–] dragonfucker@lemmy.nz 6 points 1 month ago (1 children)

There's lots of things that have two factor authentication that don't need it.

Drag's bank lets drag log in and see drag's balance with just a password, but drag needs to authenticate to transfer any money. That's perfect, drag loves it. Yet somehow, drag's library card and epic games account have more restrictive MFA requirements.

[–] AtariDump@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

Drag probably wouldn’t want the library books Drag has been reading to be splashed across the town when the revolution happens.

Also, Drag’s bank doesn’t sound as secure as it should be; if I were Drag I would move my shiny rocks elsewhere.

[–] Widdershins@lemmy.world 4 points 1 month ago (1 children)

That reminds me I've gotta change the authenticator for my luggage

[–] neatchee@lemmy.world 3 points 1 month ago

1....2....3....4....5

[–] tauren@lemm.ee 4 points 1 month ago* (last edited 1 month ago)

At work, I must to use it every day to open google docs or gmail.

[–] Charlxmagne@lemmy.world 4 points 1 month ago (1 children)

Like with insurance, it's far more worth spending an extra 2.5 seconds on 2fa than it is spending regaining your stolen identity and (potentially) ruined reputation (unless it's text based 2fa)

[–] Evotech@lemmy.world 3 points 1 month ago

2.5 seconds? You must be the fastest 2fa grinder

[–] frezik@midwest.social 4 points 1 month ago

I'm glad that a pizza place has higher MFA requirements than many banks. We've made good decisions as a society for that to be true.

load more comments
view more: next ›