[Outdated, please look at pinned post] Casual Conversation

253 readers

1 users here now

Share a story, ask a question, or start a conversation about (almost) anything you desire. Maybe you'll make some friends in the process.

RULES

Be respectful: no harassment, hate speech, bigotry, and/or trolling
Encourage conversation in your post
Avoid controversial topics such as politics or societal debates
Keep it clean and SFW: No illegal content or anything gross and inappropriate
No solicitation such as ads, promotional content, spam, surveys etc.
Respect privacy: Don’t ask for or share any personal information

Related discussion-focused communities

founded 1 year ago

MODERATORS

[email protected]

151

Any company that still insists on forced password resets and frequent changes needs to learn about Social Engineering and Human Factors. (yiffit.net)

submitted 9 months ago by [email protected] to c/[email protected]

61 comments fedilink hide all child comments

These are the same companies that don't support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 9 months ago (2 children)

I don't trust them.

[–] [email protected] 1 points 9 months ago

Even locally? https://keepassxc.org/ can be an option

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

I didn't either, so I self-host mine via vaultwarden. My passwords never leave my own systems (unless being used to login ofc), except for transit between my server and client devices. That is encrypted before storage or flight then wrapped in tls for https and again for a vpn connection (also self-hosted).