technology

23383 readers

233 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 4 years ago

MODERATORS

context@hexbear.net

EmmaGoldman@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

ZoomeristLeninist@hexbear.net

102

I hate 2FA Hell (hexbear.net)

submitted 1 day ago by BeamBrain@hexbear.net to c/technology@hexbear.net

45 comments fedilink hide all child comments

Installed Steam on a new computer. Signed in. It sent a passcode to my GMail. I signed into GMail. It wanted me to 2FA because I hadn't signed into Google on that device. It sent a notification to my phone, which I never received. I had it resend the notification twice, still nothing. Tried again with my phone's offline passcodes. Neither worked. Tried the QR code/Bluetooth connection, and that finally did it.

At least I got through in the end, but fuck, it's annoying.

you are viewing a single comment's thread
view the rest of the comments

[–] edge@hexbear.net 9 points 1 day ago (2 children)

Steam's preferred 2FA is getting a code from their app. It looks like it might be TOTP technically but they don't freely give out the secret for use in another app, but there might be ways to extract it.

Google offers TOTP and used to let you set it as the default, but now I guess they want to push their own in app prompt so you have to pick the "try another way" option every time.

[–] gay_king_prince_charles@hexbear.net 8 points 1 day ago

Dark patterns are for cowards. Either remove the feature like you want to or just keep it.

[–] chickentendrils@lemmy.ml 5 points 1 day ago* (last edited 1 day ago)

Yeah for Steam you have to use 3rd party tools or pull a file off your mobile device/emulator and extract the TOTP secret (and use plugins for password managers to render the alphanumeric code with the characters they want, it's just a non-standard TOTP representation and sucks so much).

The maker of that "Authy" shit that's just TOTP generator/backup once again locked behind your fuckin phone number deserves a special place in hell. It's Twilio, a virtual phone/SMS API provider... and owner of Sendgrid. Same deal as with Steam where they'll add the TOTP secret to the Authy app and you have to extract it manually to use in a different app/password manager. At least the codes are part of the IETF standard. Just generated with an uncommon <30s step interval for rolling over and I believe are 7 digits instead of 6. KeepassXC natively had configuration for it at least.