nvidia: we are very concerned that if you don’t add 2fa to this account we forced you to make, criminals might download these free drivers without giving us accurate marketing demographic details
your bank: sorry, what? you want two tractors?
@bdwl @0xabad1dea I called my bank for help getting into their site. They didn't have my phone number on file so they asked for it. Then immediately after that they required a security code that was sent by text, to the number I had just provided. 🤦
@RnDanger @0xabad1dea Oh! I had the same issue with Capital One. The problem was actually with my username. They changed the username requirements late last year, and of course didn’t tell anyone. Instead of an email address, they want a separate username now. Once I changed it, then everything worked again. If yours is a Capital One account, try changing your username.
@handler @0xabad1dea Thank you 🙏
@RnDanger @0xabad1dea But $LARGE_MEDIA_COMPANY fixed that long ago.
@0xabad1dea @enkiusz There is anon, which is pretty much the expected configuration. The website can just call ftp:// to it as well that way. Drivers belong as source code in HTTP-accessible repositories (and as or in packages, distributed as part of your OS). As we're talking about graphics drivers here:
@enkiusz @0xabad1dea Drivers belong behind the steering wheel. Letting hardware talk to computers is a mistake!
@enkiusz @0xabad1dea Even if the web URL is ftp:// so you don't even have to worry about accidentally getting out of sync. Why is that so hard for so many sites?
@0xabad1dea I'm still trying to figure out why the payment portal for my doctor has an "I'm not a robot" check.
@Hasufin @0xabad1dea obviously, this is a doctor for humans. If you're a robot, better call the garage.
@bonkers @0xabad1dea No, what's weird is, it's not in the patient portal, just the payment. Apparently they will look at robots, but not accept payment from them. I suspect a conspiracy.
@Hasufin @0xabad1dea my local pizza place sometimes wants a captcha both after logging in and before payment. just in case I'd been borged while deciding what toppings I want.
@raboof @0xabad1dea If I'm being serious, my guess is they threw every possible "security" widget onto the payment portal and didn't ask "Does this make sense for this use case?"
@0xabad1dea You make fun of it, but two-tractor authentication has never been cracked!
@grumpybozo @0xabad1dea As far as I remember this one could even be authentic. However, the Epic Split feat. Chuck Norris certainly is not :D
@grumpybozo @0xabad1dea Well, if you mean the kind of tractors that have VTOL capabilities, then yeah, those would help with authorization and access.
@0xabad1dea Back when I got my first yubikey, my credit union didn't allow passwords over 8 characters long. When they extended that limit to 16 or something I called it a win.
@tekhedd @0xabad1dea Palo Alto is the same. One can’t even look at support articles without signing in and doing 2FA. 😅
@0xabad1dea I needed this laugh today. Also, painfully accurate.
@0xabad1dea The Blizzard Authenticator, a TOTP implementation, was released March 2009. No major US bank had two-factor authentication of any kind until years later. J.P. Morgan Chase still uses SMS.
@r000t @0xabad1dea not exactly, back in 2000, my swiss bank had a 2fa (kinda). I received by post a small cardboard with an 8*12 table populated with numbers. And each time I logged in, I had to provide a number: A9, J2, etc.
@Kye @flore @0xabad1dea nah, I don't remember what it's called, but LastPass in the early 2010s had it as a free-tier 2FA feature. The codes aren't "burned" as they're used like an OTP would be, you're just asked to provide random values from the grid. Sorta like early video game DRM.
@r000t @flore @0xabad1dea I still remember the recommended speed for an asteroid field in Wing Commander because it was one of the answers to the DRM questions.
@r000t @Kye @0xabad1dea it's not a TOTP, right.
But it's still a 2nd factor: something you own (in addition to the password: something you know)
@flore @r000t @0xabad1dea The authentication apps on phones are more convenient (and they're locked to the phone, so also 'something you have'), but I'm still terrified by what will happen if/when my phone breaks. (Yes, I do have some recovery codes.)
@tpuddle @flore @0xabad1dea In theory, an attacker could collect the whole card 4-5 cells at a time with each auth he's able to monitor. So while it's still going to stop 99%+ of attacks, TOTP and webauthn are technically better. As for your backups when enrolling a phone app, store the shared secret somewhere, or a copy of the QR code. Nicer third party TOTP apps let you back up their whole database but keeping the shared secrets is portable.
@r000t @tpuddle @0xabad1dea As I said it was in 2000 (before 2003), so smartphones didn't exist.
@flore @r000t @0xabad1dea
@r000t @0xabad1dea and the Blizzard Authenticator was a physical device, no SMS! They've gone a bit backwards now and require an app, no more physical device, but they still incentivize 2FA (you can't do certain things until you set it up)
@CatDragon @0xabad1dea I remember maybe 15 years ago some banks were offering to send out a fingerprint reader, maybe it was more for business customers. Now most banking apps tie in to the phone's biometric reader, so - you can!
@CatDragon a good password is one that is hard to crack, is unique to the account (so if it is leaked then it only affects one account), can be secret, and can be changed when needed. Fingerprints are great for identification, though - they could probably replace usernames.
@mikeburns I change all mine every week or so and am enough a Luddite to keep them in a notebook rather than stored online.
@0xabad1dea My bank doesn't have TOTP-2FA, but they do have email-2FA.
Or at least they did, until they locked me out of my account and forced me to downgrade from email to SMS-2FA and said it was to improve security.
@0xabad1dea I suggested the same issue on Twitter, but apparently you can download the drivers manually still....
@0xabad1dea my bank heard that it was a good thing to force users to have punctuation and numbers in their passwords for security reasons so they said "I'll do you one better - punctuation and numbers required in usernames!"
@0xabad1dea Also your bank:
@0xabad1dea Posts like this make me glad I use Debian...I was blissfully ignorant that Nvidia is doing that, installing FOSS drivers is totally automatic and installing the proprietary ones is sudo apt install nvidia-detect, then run nvidia-detect to reveal the next apt one liner needed to finish the job.
@BalooUriza @0xabad1dea it's only for using the (for now still optional, and Windows-only) "GeForce experience" software, used for applying/enhancing the applications' settings. Downloading, installing and using the drivers alone require no account whatsoever
@0xabad1dea "'2 factor orphan vacation'? I'm sorry sir, we can't talk to you while you're drunk, you make no sense"
@0xabad1dea When I worked at an ISP that had been around 8 years, my job was to contact the last 5 customers on UUCP and offer them free connectivity just to get them off UUCP. All five were banks
@0xabad1dea when I had to change my passwords a few months ago (thanks lastpass) I was pleasantly surprised my banks let me have passwords longer than 8 characters now. The ones that did have 2FA most were sms but my credit union has authenticator 2FA. Welcome to office 365, please get your second tractor out so we can log in.
@0xabad1dea here in France, banks are required by law to provide and enforce 2FA (not sure if that’s a European or French thing tho)
@0xabad1dea we use several factors to verify your identity when you enter your password from an IP we don’t recognize. Also, you can reset that password with just one factor.