this post was submitted on 16 Mar 2025
628 points (97.6% liked)
Greentext
6110 readers
1159 users here now
This is a place to share greentexts and witness the confounding life of Anon. If you're new to the Greentext community, think of it as a sort of zoo with Anon as the main attraction.
Be warned:
- Anon is often crazy.
- Anon is often depressed.
- Anon frequently shares thoughts that are immature, offensive, or incomprehensible.
If you find yourself getting angry (or god forbid, agreeing) with something Anon has said, you might be doing it wrong.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is why people should be worried of using these massive services, luckily it was ‘only’ Discord (if this was your primary way to interact with friends, this can be a huge deal).
But imagine if it was your email account!
Getting a reputable provider, self hosting or using a decentralized option is paramount for your own sanity.
There was that man who was all in on Google.
He had a telemedicine appointment for his son who had a problem with his penis. Dr asked him to send a close-up photo so he could diagnose the skin condition
So the guy takes the photo with his pixel phone and sends it
The phone automatically backs up the photo
Google's AI says it's child porn, his account is deleted and police are contacted
Police look into it and say "not porn, totally fine" but have to go to his house to tell him the was no problem because his phone was Google, his internet was Google fibre, his email was Gmail and his photo album was on Google and all that was irrevocably deleted
That's insane
Yep. Guy had his life pretty much ruined. Don't tether your life to a company — they don't care about you, they have no duty toward you
Currently having problems with GMail I lost my old phone (2fA) and no device was logged in so i could not access steam and like everything that requires that old mail
And my phone provider or postal service is stupid because i could not get a replacement sim after multiple tries which normally works
Googles account recovery policy is basically:
I think the recovery mail option only gets unlocked after 6? months inactivity because ~3 months ago i did not have the option
Now after requesting a recovery i still have to wait a full month before they maybe send me a password reset to my moms mail
But steam support was nice. Managed to get the account by providing a product key i used a few months ago and was lucky enough not to have thrown the physical card away
You can still accidentally leak your password via phishing or malware. 2FA is fine if you don't tie it to a phone number, simplest way: install any authenticator app for TOTP tokens. Scan the QR code on multiple devices like phone + tablet, or old phone, for redundancy. Or save the secret key.
Google and most critical services also give you a list of 10 single use emergency codes that you should print or save in Keepass - lost the phone? Nbd just use one of the codes and reset 2FA.
I also never thought my non shared password would be public but one day I suddenly got prompted on the authenticator if I wanted to login; still no idea how or why but at least no one could get in and immediately rotated out the password.
You don't evwn need to "scan" anything - you can copy and paste the steing they provide into, for example, KeepassXC, and then thoroughly back up its database.
This is what I do as well. A few services force 2fa though and also have 0 good options (let me use my flipper as a u2f through not chrome, ungoogled-chromium works, but damn), and for those I'm forced to use text.
While I'm here, anyone have a good chrome based browser that is private and can use serial ports for flashing meshtastic devices and u2f? Need android mainly because I have ungoogled-chromium on linux, but will take recs for linux too if there's a better one.
Nah, any decent password manager or security application can manage multi-factor security credentials of any kind without lock-out due to phone loss.
Password authentication is beyond primitive by offering too many avenues of attack: the full secret is transmitted & shared. Passkeys, client certificates, OTP don't transmit the secret key. Passkeys & client certificates authentication never share a secret key, so the server can't expose it.
This made me thinking about Valve potentially banning my 19-years-old Steam account due to some error or a mistake 💀 I heard bad things about their customer support.