#joomla now has the only MFA implementation in the world with a pointless and user-hostile retry limit, therefore making sure that people WILL get locked out of their sites, with no way to get back in that doesn't involve database editing, thereby conditioning them to NOT use MFA. I should have never contributed this to Joomla. I should have known better. Stupid me.
Notices by Nicholas Dionysopoulos (nikosdion@fosstodon.org)
Nicholas Dionysopoulos (nikosdion@fosstodon.org)'s status on Friday, 02-Jun-2023 09:13:26 JST Nicholas Dionysopoulos
Nicholas Dionysopoulos (nikosdion@fosstodon.org)'s status on Friday, 02-Jun-2023 09:13:25 JST Nicholas Dionysopoulos
Another idiotic thing this so-called "security" #joomla patch gets wrong is that it does not reset the MFA retry count when you log in with WebAuthn (or any other "silent" login). You know, the authentication options which deliberately bypass MFA because the security is guaranteed otherwise.
Nicholas Dionysopoulos (nikosdion@fosstodon.org)'s status on Friday, 02-Jun-2023 09:13:23 JST Nicholas Dionysopoulos
@MartinH Therefore, you are disabling the ONLY secure way of logging into your site. Because Joomla decided to water down this feature so much that it became a nuisance. I tried to keep y'all safe with WebAuthn and MFA but the Joomla! idiocracy prevailed. I should have kept this code as 3PD extensions. I should have known better than to trust Joomla! with my code. Well, not a mistake I'll be doing again!
Nicholas Dionysopoulos (nikosdion@fosstodon.org)'s status on Thursday, 05-Jan-2023 06:52:23 JST Nicholas Dionysopoulos
Ah, January. What better way to start the new year than spending a day to change #copyright headers across the numerous #foss repositories I actively manage? It's nearly midnight and I'm just done — literally and figuratively.