The amount of people that leave things like youtube logged in on hotel room tv’s is also moderately staggering.
Tv and app creators I feel like are also a bit responsible for this by not making it easy to do timed logouts when you log into a device for the first time. Unless you have a mental or physical checklist going its not a high priority
Probably because most the TVs are designed to auto logout after check out. So when you run into one that isn’t it’s weird.
Interesting. I’ve actually never heard of them automatically logging out. That’s partly why I am hesitant to log in in the first place.
Most of the TVs that have apps like these in hotels specifically state on the login page that upon check out their system will automatically wipe your logins. At least in the several that I’ve used that have specific tight end apps like these. There are of course those cheap hotels that just have the Smart TVs in the rooms that you’re free to log in as you wish as long as you remember to log out. Usually in those cases I won’t log in at all or I may choose to log into like say Netflix if my kids are there and then are just remembered to log out. Of course I stay in a lot of hotels during the year as well. Think this year I’m already something like 20 or 25 nights in a hotel.
Wow! Heavy traveling in your job?
Both job and pleasure. I have family that lives out of state so I often go see them. My work takes me all over the West as well. And we like to go on adventures as well. I’m addition to the hotel nights we are at like 9 nights camping so far this year.
We just stayed at a disney resort a few weeks ago. The tv prompted us to sign into OUR disney+ account…
Ellipsis are wrongly used again. Why do you people keep using shit you do not understand?
Typesetter here. How are you doing?
As it happens, you can use an ellipsis to indicate a thought that has trailed off. It is standard usage.
Also, in reference to your comment, you say “Ellipsis are wrongly used again”.
Ellipsis is the singular form, meaning you have an error there.
You can say, “ellipsis is wrongly used…”
Or you can say, “ellipses are wrongly used…”
The choice is yours.
I used it to indicate my trailing thought. I had more written, but cut it off.
Also, no one cares about your grammar policing and it contributes nothing to the conversation
It contributes nothing to the conversation…
Does it really matter to anyone other than the streaming companies?
If the next guy at the hotel watches my HBO why would I care?
Worst case scenario I lose my spot in a show.
And lose your account and your google account if it’s youtube like the commenter said
And your account.
deleted by creator
Wonder what Timothy is up to nowadays
1337 h@xing the internets
Tight
2fa wouldn’t change anything and sms is an insecure system to begin with.
[citation needed] on the second half
A big feature of sms is that it’s not encrypted. Every tower that recieves the message is trusted to forward it unaltered. This is one attack avenue.
https://www.helpnetsecurity.com/2020/11/12/sms-voice-mfa/
Things like the following are generally recommended though Microsoft recommends using their app. https://www.yubico.com/
I should have clarified that sms 2fa is insecure not 2fa.
Okay that makes sense. Yes sms is insecure, not 2fa.
Briefly: look into sim swapping, which is the most obvious, day to day risk.
Then there’s SS7 and how inherently trusting the whole system is.
Then depending on where you are, some mobile networks still have terrible link encryption (were talking so bad a normal laptop is enough these days to break it on the fly). Granted, this is rare these days, in part thanks to the efforts of Karsten Knohl, SRLabs and other security researchers who did a lot to shine a light on this and SS7
Not sure how up to date it still is, but https://gsmmap.srlabs.de/ shows how unequal networks are.
This is becoming less of an issue as US Mobile has anti-SIM-hijacking protection; hopefully other carriers will follow suit. Of course, the carriers themselves can still read your msgs, but so can WhatsApp, probably (despite their claims to the contrary).
That’s all sms though, not 2fa in general.
All valid points and good information within that scope.
(…) and sms is an insecure system to begin with.
citation needed on the second half
That’s all sms though, not 2fa in general.
Are you an LLM?
It’s been edited, bud. Originally it said that 2fa in general is insecure.
The edit icon is a bit not-obvious in Voyager…
And I can’t view the original text.Edit: Speeling on a phone is hard (read: annyoing)
I don’t think the original text before edits is viewable by anyone other than possibly instance admins.
Timmy was later arrested and charged with violations of the CFAA, SCA, and ECPA. He faces 20 to life.
Back when I was in college, I was young and dumb enough that I’d login to AIM on the college computers. (Nowadays I won’t login to personal accounts on anything I don’t fully control. I’m always surprised by coworkers who check their bank accounts, social media, personal email, etc. on their work laptops.)
Anyway, even at the time I was pretty good at logging out when I left each computer, but once I forgot. The next time I logged in, I was surprised to discover that my entire buddy list had been cleared. I never understood the motivation behind doing so. I don’t think it was particularly funny but, even if it were, it’s not like the perpetrator got to see my reaction or even to point and laugh.
I did learn a lesson from it, but presuming that that was the mission of whomever did it feels … Generous.
deleted by creator
You shouldn’t.
If the goal was to teach me a lesson, there were less destructive ways to do it.
If the goal was to troll, well, that’s without redeeming qualities.
deleted by creator
I agree that doing something non destructive is fine, if unnecessary.
deleted by creator
All right then, “beneficial.” To anyone involved.
deleted by creator
Brown hat more like
A non-tech store had some iPhones and iPads on display. No internet. But it COULD connect to my phone hotspot. Wish I did something more than just download a rainbow six siege pic and set it as the wallpaper, but they took down that demo for I think close to a month.
A few days ago I though 2FA didn’t worked for lemmy but I just didn’t have timezone or something and that’s why I couldn’t login.
<-- Aegis is goated
Goated sounds disgusting.
I dont care for 2fa. Not interested in having my phone connected to my computer, and i dont like having an extra step when logging into stuff – especially an extra step that needs me to use a second device. Id honestly rather risk getting hacked over ever having to use 2fa again.
This makes me mad but I have absolutely no justification. Like, it’s your life. But I am incensed. Godspeed.
Thank you for the grace.
Use a Yubikey. It’s a small USB Device you can put on a keychain. It is still a second device, but it’s not your phone. And you always have your keys with you, anyway.
Yubikey is closed source and likely steals your data
Please provide a source to justify the “likely steals your data” comment.
You can never know.
I see such logic hourly on lemmy
I’m sorry, I don’t see how your reply answers my request for providing a source for your claim.
You can never know.
He says having never dealt with having his identity stolen.
Correct. It solved a problem that didnt exist for me.
Why do you think you need to connect your phone to your computer?
You do know you can just generate codes and neither device will know of the others existence, right?
I have no reason to believe that the google authenticator app on my google phone doesn’t register and record that it’s being used to log into XYZ website, and further that XYZ website is not then sending back unique identifying info to Google about me when ive used the code to log in.
I’ve lived with tech long enough to know that if they say “we absolutely don’t,” it really means they probably do.
Like when they swore up and down and gaslit us that our phones aren’t listening to us to generate ads.
How many lies can I believe before I begin assuming everything is just another lie from a liar?
Guess im paranoid.
But that whole thing ignores that it’s an annoying second step with another device. Like “you want to log in? Thread a needle with the string in your pocket first…”
But then just don’t use google authenticator and instead one of the FOSS alternatives? Aegis comes to mind.
Like the original reply to your situation said, you do you - but this seems a weird threat model to me, extra-step point notwithstanding.
MFA (a better term IMO for this) has nothing to go with phones, per se.
It’s just about reducing risk by adding more proofs that the person claiming to have the right to do something has indeed the right to do something.
Unless you have excellent password hygiene (long, random, different for every single site and service) the likelihood of having an account taken over goes up quite fast. The overwhelming majority of the population doesn’t, so forcing a second factor is a good way to limit damage.
If you don’tt like the multi step process, look at psskeys. They aren’t perfect, but they offer nearly all the security benefits of MFA without having to go throughthrough multiple steps.
That is not what ‘hacked’ means.
I’d counter this is exactly how a lot of hacking works
Absolutely can be
This is hacking. Just because it’s a trivial attack vector that’s easy to protect against doesn’t mean it isn’t.
SHH, HE’S A MASTER HACKER AND WILL HACK YOU IF YOU SAY SOMETHING WRONG
2FA won’t help if you leave a session running on a public device
That’s the comment I was looking for.
To be fair, we are in a specific community…
Two factor would not help here. One needs to remember to log out of public devices before leaving them.
Why would you even log into a public device?
best to always use incognito browser on public devices. when you close the browser, it logs you off automatically.
Or just not be a moron and put your credentials into a random device in some store
Who knows what is running on that device AND router.
Forreal I will never use a mfers WiFi
I mean, we have https now. Also VPNs. Wouldnt this make most situations secure?
You can always use pihole to mess with your local dns and resolve to a fake website that looks like your social media of choice and collect their password
Only if the user ignores the “unsafe connection” warning in the browser, since you won’t have an SSL certificate for the domain
lol, warned 2 guys I worked with not to use the starbucks free wifi or any free wifi. One of them had their bank info compromised, the other had their google compromised.
VPN ffs
At the time, when I warned against it, I was told that I was too paranoid. Guess I wasn’t as paranoid as they thought
Router doesn’t matter if the device is trusted and the service you’re using doesn’t have shite security, with things like HTTPS.
This is the way.
Kid looks like a Mad magazine cover.

Ok, you’ve hacked me.
I hope you’re ready for what you’re about to see.
Goat…
se
The greatest of all time
[Kermit_puppet_goatse.jpg]
“Hahaha hacked!!! … now let me dox myself.”
Maybe that’s the name he uses so people think he is called timothy! And it wasn’t a sprint store! Classic misdirects




















