Conversation
Notices
-
Embed this notice
I've had an idea for a new blog post :akko_thonk:
My approach to safely handling hardware MFA tokens so you don't royally fuck yourself when (not if!) you end up losing them. I'll also address handling the aftermath of losing them: considering those hardware tokens completely compromised, which requires removing them from every site you added them to.
- Haelwenn /элвэн/ :triskell: and NeonPurpleStar :heart_bi: like this.
- Haelwenn /элвэн/ :triskell: repeated this.
-
Embed this notice
I did kinda fuck myself with some sites and I'm having to go through an identity verification mess.
I also realised a day or so ago that I need to consider the TOTP aspect compromised, requiring me to regenerate secret TOTP tokens everywhere. WebAuthn and FIDO2 are compromised too, so I need to remove these devices from all the sites I added them to.
It's going to be a fuck ton of work :amolith_woozy:
-
Embed this notice
@amolith Ruthless Machine (computer) meets the chaos of real life.
Which reminds me of this article from someone whose house burnt, and so had nearly nothing proving their identity (other than I guess testimony).
-
Embed this notice
@lanodan I remember reading that too and the prospect scares me :neofox_sip_nervous:
-
Embed this notice
@amolith Same, at least in France I know that testimonies of identities are valid but it low-key makes me wish to have something like a dogtag (even though I'm an anti-militarist) for some public identifiers (like say social security number, I hate it but it's hecking resistant by design).
Amolith
Haelwenn /элвэн/ :triskell:
All GNU social JP content and data are available under the