| nixosbestos 4 days ago |
| How is it terrifying? They clicked through a 2FA reset email, a process that I have never, and will never need to go through, and seemingly one that they didn't even initiate. |
|
| goku12 4 days ago |
| How many developers are there like him? If not him, they'll target someone else. And while you or I will never do such a thing under normal circumstances, that's a pretty simple mistake to make if you are stressed, sleep deprived or sick. We are supposed to have automatic safeguards against such simple mistakes. (We used to design stuff with the assumption that if a human mistake is possible, someone will eventually make it for sure.) |
| |
| crooked-v 4 days ago |
| Also, companies have mass popularized the whole 'click a link in an email to login' thing, which really contributes to the mistake factor. |
|
|
| nodesocket 4 days ago |
| Like you’ve never made a mistake before. Blatantly blaming the maintainer is unfair. They made a mistake, it happens. |
| |
| nixosbestos 4 days ago |
| No, I have never, ever responded to an explicit ask to reset the most important security feature of my accounts, without me initiating it, and I use a password manager (lol) so, no, I will never, ever encounter this problem. Because I care about my data, safety, and integrity, and my users'. There's literally no reason ever why I would or will do a 2FA reset. It does happen, yes, it's not terrifying. |
| kelvinjps10 4 days ago |
| The wording was similar to how GitHub started requiring 2FA. It wasn't "there is the 2FA change that initiate", it was more of "starting September 10 we will start to request 2FA". |
| nixosbestos 4 days ago |
| Edit: I get it, it was a pw+TOTP phishing/proxy attack. Wouldn't have happened if they used passkeys or a password manager. Things that get dunked on here regularly. Hm. |
| |
| wewtyflakes 4 days ago |
| Nobody cares if you, specifically, are this diligent. The terror is because unless _absolutely everyone_ who maintains NPM packages is this diligent, then we are all vulnerable. That sounds terrifying to me! |
|
|