Its gotta suck to be the guy who has to text out all the two-factor authentication codes.

Clinicallydepressedpoochie@lemmy.world · 18 小时前

Its gotta suck to be the guy who has to text out all the two-factor authentication codes.

y0kai@lemmy.dbzer0.com · 13 分钟前

Nah, for some of us, it’s a talent and a calling.

Look:

055573

748391

663830

I know, I’m an artist. It’s OK to be in awe.

Clinicallydepressedpoochie@lemmy.world · 12 分钟前

Stunning

letsgo@lemm.ee · 58 分钟前

They’re comforted by the knowledge that at least they’re not the guy who installs indicators on BMWs.

baggachipz@sh.itjust.works · 3 小时前

I hate to tell you this, but it’s a factory full of children in China. Those tiny fingers can churn out the codes.

dubyakay@lemmy.ca · 13 小时前

Excuse you. This is shit posting from the loo. Not a shower thought.

SuperEars@lemmy.world · 31 分钟前

Is that a community already?

Balthazar@lemmy.world · 17 小时前

Imagine having to think of a new 6-digit number every few seconds!

NegentropicBoy@lemmy.world · 17 小时前

Write them all down on the first day, then just reuse the list. Don’t get caught.

Lost_My_Mind@lemmy.world · 15 小时前

8675309…dammit, thats too many numbers…

Quibblekrust@thelemmy.club · 13 小时前

How do you know my Lemmy password?

Balthazar@lemmy.world · 14 小时前

Hey, do you know Jenny too?!

Clinicallydepressedpoochie@lemmy.world · 17 小时前

Sounds exhausting

Maestro@fedia.io · 16 小时前

Nah, just roll some dice: http://gamesbyemail.com/news/diceomatic

FlihpFlorp@lemm.ee · 17 小时前

Yeah those 2FA guys have it the worst

I have actually have the codes in two different apps since ones behind an account so not only does the little elf in my phone have the to think of new numbers he has to make sure the numbers are synced up

Agent641@lemmy.world · 16 小时前

Just go sequentially

abbadon420@lemm.ee · 17 小时前

Reminds of of these

unemployedclaquer@sopuli.xyz · 11 小时前

ya’ll are weird this is how i get income i have an offshore account teeming with crypto from my two-factor homey just gotta take a shit over there in that bush right now

tacosanonymous@lemm.ee · 12 小时前

My guy was really lazy the other day. He just sent me back my phone number as a code.

TheReturnOfPEB@reddthat.com · edit-2 17 小时前

At least we know where he got them …

https://www.techradar.com/pro/security/hacker-advertises-alleged-database-of-89-million-steam-2fa-codes-source-of-leak-unknown

throwawayacc0430@sh.itjust.works · 14 小时前

I hate that guy/gal. RCS end to end encryption is already a thing and they didn’t enable it. SMH my head 🤦‍♂️

RagingSnarkasm@lemmy.world · 14 小时前

The people who downvoted this are the same people that I think Puscifer were singing about in “The Remedy”.

toy_boat_toy_boat@lemmy.world · 17 小时前

at some point, he just started smashing his head on the keyboard

Iheartcheese@lemmy.world · 16 小时前

Me too thanks

Forester@pawb.social · edit-2 17 小时前

Fun fact those are actually emailed most of the time. MMS format your [email protected]

Which is why they can sometimes get delayed for hours

Saik0 · 16 小时前

Deeply incorrect as most carriers have the SMS/MMS gateways disabled by default. Eg, you have to enable that function on Verizon. Also you’d see an email as the sending party, not a phone number/shortcode

Forester@pawb.social · edit-2 12 小时前

I mean I use the system literally daily but okay I don’t know if we’re an approved sender or what or how that works. I just know it gets sent out in an email.

Saik0 · edit-2 38 分钟前

You can use something and still fundamentally not understand it…

Here’s an example of a message that’s send the way you describe. Note the fully shown email address in the from field at the top.

And here’s a real 2fa short code message. This was not send via email, this was a registered shortcode number that would be registered with your telephone provider.

Notice that the real 2fa message doesn’t show a full email address as the sender?

If your company is relying on the sms/mms mail gateways, then you are not going to be able to reach most of your clients. Here’s the top 5 carriers in the USA.

Verizon (146 Million users) was opt-in for me (I had to turn it on in order to get my cloudflare alerts to work, can’t rely on email when I’m specifically monitoring the email server). For those who have Verizon, text “status” to 4040 to see if your gateway is active! (https://www.verizon.com/about/account-security/email-to-text-faqs). Though it is entirely possible that it’s no longer opt-in or has changed defaults over time… possible even repeatedly, my account is very old…

T-mobile’s (131 million users) gateway is opt-out last I checked. Meaning that a lot of people will find it once after getting some spam and turn it off.

ATT (118 million users) turned theirs off outright… https://www.att.com/support/article/wireless/KM1061254/

Boost (7 million) mobile relies on AT&T… See above.

US Cellular (4.4 million) - looks like it’s working.

These are the five biggest carriers in the USA, with 3 of them default to “no”… If you’re trusting this function to work for your users, then you’re in the wrong from an IT perspective.

Another reason you know that most companies do not use this mechanism for 2fa… 2fa pins expire. Can’t send 2fa pins that take “A couple of hours” to arrive when that pin expires in 10-15 minutes for most services.

Most sms texts come from registered services like twilio (https://www.twilio.com/en-us/messaging/channels/sms/short-codes), ez texting, salesmsg, textmagic, simple texting, slicktext, textla, etc… For the ones I’ve interacted with, you use their APIs to send messages, and the messages always come from a shortcode or normal phone number, never from an email address. I’ve never… ever ever… received an MFA pin from an email address. Always short codes or full phone numbers.

Edit: typo