Le Discord login:

*logs in*
Welcome back! Would you please authenticate after your first and successful login, so that we're sure that you're not a bot?

*15 (I shit you not) craptchas later*
New login location detected! Please check your email too!

FOR FUCKING REAL DISCORD!? How about you please just let me fucking log in already? Or are your audience - gamers - really *that* prone to infections that logins from bots are that big of a problem? Because guess what motherfuckers, then you've got *WAY* bigger problems to fix already. FUCKING LET ME IN!

Behind how many shady proxies are you, exactly?

@epse none actually - I don't really trust proxies all that much. Although I do currently have 3 VPN connections to my servers running :P turns out that my current public IP is one from a lesser used server of mine.

I think he disabled third party cookies.

@Condor yeah, discord doesn't like non-residential IPs

@stop I was using the Windows application, not the web browser.
@Alice likely Discord knows about commercial VPN's and treats them as such. On the internet, generally sites don't know that my servers are used as VPN's (testing each connecting IP on each common VPN port is expensive on compute and network).. however sites not knowing that I'm a VPN user has its pros and cons of course.

Yeah fucking discord captcha is shit, even wrong password need to pass captcha, fuck you discord

Welp... I'll be unpopular then....

Yes. Gamers are prone to fucking bot attacks... Especially from russia or asia. Why? Well, I've had accounts with strong passwords (lastpass) and they still got fucking hacked. Some of them had 2fa, email verifications but still got hacked in the service. No email was accessed, no 2fa breaches - just pure brute force...

Few of my friends got lots of their accounts stolen - r*, origin, gog, discord, lol, uplay, and some got even fucking steam accessed. There was no evidence that emails were hacked, none of them used easy or same passwords but... Leaks happen.

So I'd gladly take a few steps to login, since loosing huge game library can be expensive.

Ps. Captcha can be too much but... You may never know who tried yo access your account

@potata if a 2fa key is bruteforced their implementation is shit.

Sounds like exactly the kind of rant a robot would make. 🤔

@Codex404 you'd be surprised :) rarely a gaming company cares about security

@potata how about steam?

@devTea and humble bundle

@kwilliams welp, my cover has been blown 😰 beep boop! 🤖

@devTea Steam is pretty decent in that spectrum. Tho... If you don't have a 2fa from steam (their native one) - you'd be fucked since people will brute-force your password. Had one account lost like that.

As for humble bundle - I can't tell, rarely using it and when I do - I just use google login

@potata I like steam approach better, their 2fa works even when my phone if offline

@devTea its just totp with the own software. But i would like it better if i could use andOTP for it.

@devTea Steam has the same logic as google authenticator - they both work offline. And yes, I agree - it's a pretty nice thing, rather than having a 3rd party email, sms or whatever service that can fail

me trying to log into diccrod over Tor