11
theuser
35d

Oh ffs, just fucking inject a chip into my finger already for authentication purposes, you can track my every fucking move if you so wish. When a web page like Twitch uses 2FA it boggles my mind because it's a page where you're watching some fucking videos.

"hey there, so out of the blue, we send you a code to your email, we won't tell you which so good luck. Also, you cannot copy paste this code because we did that fucking thing where each character has its own textbox"

Of course, this is only because we are dumb enough to reuse shitty passwords. THIS IS WHY WE CAN'T HAVE NICE THINGS.

Comments
  • 5
    I hate that a few sites still use the stupid email code thing. They really just need to switch to time-based tokens like the rest of the world.

    Preferably the same format so I can use one 2FA token app for all of them instead of the 7 apps I currently need, as well as email and SMS tokens...
  • 1
    @EmberQuill you could use Google to log in to many websites, but I'm wishing this'll get better too
  • 2
    @EmberQuill the worst part about Twitch is, that they do use TOTP, but they specifically require you to use Authy, which is tied to your phone number. So you can't even set up 2FA without giving them your phone number, because they don't allow you to set it up the normal way (with qr/secret).
  • 2
    Okay hold on. What about a chip in your index finger on your right hand and a sensor in the left Mousebutton. You could log in just by clicking. That'd be pretty cool. Not a fan of cyborgs, but still pretty damn cool.
  • 1
    @Creep cyborgs are already here, or what do you think are people with artificial hearts, for example?
  • 0
    @stop oh damn. Good idea. Let's put chips into their artificial hearts so they can push their chests against the screen to unlock! Love this
  • 0
    @Creep
    1. There are already chips in there
    2. In many works an insecure os.
    3. Some models can send and receive data multiple centimeters out of the body to reprogram them.
    You can literally break their heart and KILL them.
  • 0
    @stop that's cool
  • 0
    @endor I don't use Authy and never have. I use Aegis, a TOTP app in f-droid, for twitch and a bunch of other things.

    They just namedrop Authy the same way places name drop Google Authenticator, even though they aren't required.
  • 0
    I didn't even realise they still do email authentication, since I use my TOTP app. :")
  • 0
    Twitch deals with real money. Let’s say you have a credit card (and of course you do, if you used Amazon at least once) stored in their system.

    I can create a fake channel in a minute, setup donations, use your account to donate to myself then delete account.

    So twitch is a bad example. But I agree, a lot of websites don’t need it.

    Personally I use it only for websites where someone can really hurt me (Ex : Github of the company, Azure admin, Intercom, our own solution, bank, emails, Steam. Some more but don’t remember from top of my head)
  • 0
    @Creep Ok, So let's build it ! I'm good with software, but lacking hardware part. Can you put a sensor into a mouse button ?

    Pricing, I'm thinking our mouse with sensor at 19.99 price point, and back end subscription around 5$/month.

    Also stand alone USB thingy (For people wanting gaming mouse at 200$) at about 9.99$
  • 2
    @NoToJavaScript I'm gonna build the mouse prototype. I'm a good surgeon, so I suggest we sacrifice your finger first
  • 1
    @Creep Well, we can use fingerprints before jumping to surgery !
    Look at this flow :
    Let’s say we place fingerprint reader on the left side of the mouse.
    Of course you’ll need to import/recreate 2FA stored in software.
    Now you go to GitHub let’s say :
    Enters email
    Enters password
    2FA prompt, you touch fingerprint scanner, that pops up a selection of your 2FA accounts just near TextBox, click github (Or detect it somehow), click next (We can even click next for user). Done.

    PROS :
    Faster than entering manually. WAY faster : 1 gesture on mouse, 1 click on the screen
    Available on all platforms (If not Linux crowd here will kill us)
    Secure. (Well as secure as 2FA and fingerprinting is)
    Compatible with all existing websites
    CONS :
    We need to patent it and license to existing mouse makers. Too big of a challenge to create a new product.
    Who’s in ?
  • 1
    @NoToJavaScript wait wtf just a fingerprint sensor on the left mouse button would make everything easier. a chip would be overcomplicated. Just a single fingerprint sensor. That would be.... Actually amazing
  • 1
    @Creep Not even on the button (It's a movable part, it will eventually break) But on the left side. I look at my 5 mice here (4 broken lol) and they ALL have space needed
  • 1
    @Creep Step 2 : store data directly in mouse firmware. This way you can just take your mouse with you and have working 2FA on any PC
    Step 3 : Add password manager. Promote “One click login”
  • 0
    @NoToJavaScript great, on the left side right underneath your thumb. That's amazing. I want one now. We can store the sensor on a button which can be used for any purpose. To get a bigger audience, like gamers. But the button has to be in the case of the mouse so it doesn't bother the user. I would buy one. You could also use the fingerprint to unlock your password manager database
  • 1
    @Creep Awwww too late.

    HP already did that (And probably patented)

    https://windowscentral.com/hps-clev...

    We are only 2 years too late
  • 0
    @NoToJavaScript But the position of the sensor sucks ass. If it's not patented we could release a way better version
  • 1
    @Creep Yeah.

    Worth a kickstarter lol
  • 1
    @NoToJavaScript Okay I found a gaming mouse with the fingerprint sensor right where we wanted to put it. Damnit, life sucks man.
  • 0
    @Creep Song I listen to when I have a good idea, but after research someone has already tried it

    https://youtube.com/watch/...
  • 0
    @NoToJavaScript that hits differently
  • 0
    @Creep I'll go to Ogame now lol :)
  • 0
    @SiinaCutie I use Aegis too!
    Did you set up 2fa on twitch recently or a while ago?
    I'm setting it up right now, and they explicitly require my phone number to send a verification code to Authy, and there is no other way to proceed. It seems that they're not just name-dropping them, they're exclusively allowing only a specific proprietary app.
  • 0
    @endor I did last week. Will try again when I wake to see if it has changed.
  • 1
    @EmberQuill The funny thing is: Under the hood, nearly all 2FA apps (even the proprietary ones) use TOTP. If one can extract the key - or better, register one's own - it can be used in the app of choice.

    Examples:
    - Symantec VIP Access (e.g. for Paypal)
    - Blizzard Authenticator
  • 0
    @NoToJavaScript The flow works already with U2F / FIDO2 / Webauthn, not sure if Windows Hello finally exposes authentication hardware sensors to all software.

    Edit: If a security hardware (no fingerprint yet) is enough for you, get a Yubikey. It is already supported
  • 1
    @sbiewald yeah, I managed to get rid of a couple authentication apps, but I still have a bunch. I kept some because they offer one-touch verification instead of using a code. I kept a couple because I need them for work and they use a weird algorithm, and the rest because the registration process doesn't expose the keys and my phone isn't rooted so I can't retrieve them after.
  • 0
    @SiinaCutie if you already set it up don't waste time resetting it, I don't want you to lose your 2fa setup because of me 😅.

    Now that I think about it: did you configure it through the website, or through the app?
  • 0
    @sbiewald But they ONLY work with sites supporting this hardware. Our “project” would’ve worked with ANY 2FA site, as long as it’s standard and supported by (for example) authenticator app
  • 0
    @NoToJavaScript Don't forget my 8% share