What are the implications of this?
What are the implications of this?
Password is necessary for two-factor authentication. The factors of authentication are something you know (like a password), something you have (like a cell phone), and something you are (like a biometric).
An example of three-factor authentication would be this—imagine a spy going into a secret bunker. They need to scan their iris, insert a key card, and then enter a passcode before the door opens. This has all three factors of authentication; the passcode is something they know, the key card is something they have, the iris scan is something they are.
If it just sends a code to your phone, that’s one-factor authentication (something you have). Anyone with your phone can get into your account. Unless, of course, your phone hides its notifications and you have a screen lock. Then that’s actually two-factor authentication because you also need to know the phone PIN or have the biometric.
If it just asks for a password, that’s one-factor authentication (something you know).
If it asks for your password and then sends a code to your phone, which you need a fingerprint or face scan to unlock, you have achieved three-factor authentication.
Edit: Interesting tidbit—in the USA, you can rent a mailbox at the post office to receive mail when you don’t want to give out your real address. Useful for privacy reasons. I’m sure they have similar things in other countries. These mailboxes come with a key. This is actually two-factor authentication, because the keys usually don’t have the mailbox number written on them! So you have to have the key and also have to know which mailbox among the hundreds at the post office it opens.
TOTP is standardised by RFC 6238 so all TOTP clients must comply with the standard and therefore work equally well. Pick the one whose UI you like the most and is otherwise good enough for your use case and personal preferences. It’s similar to arguments over CPU thermal paste—its presence or absence makes a much larger difference than the method of application.
You do, however, want to pick something that is free and open-source and also popular. Google Authenticator (closed source) definitely is a functional TOTP client but you have to trust that the Google engineers have done a good job building a secure app. Since it’s Google, they probably have, but a principle in security is that you should not have to trust more people than absolutely necessary.
Yes, but this is like replacing the front door of your house with a bank vault door. Yes, it’s more secure, but there is a point of “reasonably secure enough” for most people and at some point, you are just inconveniencing yourself for no tangible gain.
It’s not a hard concept. In almost every well-designed security system, the weakest links are invariably the humans
The passwords are stored locally. You can test this yourself by turning off your WiFi or disconnecting your Ethernet cable and then going to about:logins. All the passwords will still be there.
I have a script running that uses the Namecheap API to automatically get wildcard certs from Let’s Encrypt. I didn’t pay a dime for this. Did something change?
Nothing wrong with Boost Mobile, or any other discount telecom provider either. It’s not like the phone signals taste different lmao
It’s just a hallmark of “I bought the cheapest domain name TLD available”.
That’s not necessarily bad if all you need is something to get the job done, but there is a stereotype associated with it.
I think most of the complaints are that Microsoft Office doesn’t work. Which is true. The web version of Microsoft Office is honestly kinda terrible.
And no, people don’t want to use a product that does the same thing as Microsoft Office, they want to use a product called “Microsoft Office”. No, it’s not logical, and doesn’t make any sense at all but it’s how people are.
What I predict will happen is that Microsoft will offer them Windows for free or bribe the relevant decision makers with free Surface Pro laptops (for “evaluation”) or other Microsoft paraphernalia.
There is probably a person with the power to inject the GPL into the license agreement, and if it does, it would destroy Microsoft as they’d now be legally required to cough up the source code for Windows
Take one for the team!
I’m going to be honest with you, as often as this has been memed and for as long as I have been using Windows on my work computer, I have never once been forced to restart on the spot by an automatic update.
I’m sure those who have will be quick to reply but at this point I’m 90% confident it’s a loud minority.
That’s not a solution. It’s a way for you to avoid the problem. It does nothing to help the millions of people who are already deeply invested in the Apple ecosystem.
I don’t have a problem with snaps as a technology. If you want to use them, then who am I to judge?
But what I do have a problem with is when I don’t have a choice and I am being forced to use what the distro maintainers think is good for me. That is what finally made me quit Ubuntu and switch to Fedora.