typpilol 4 days ago
I just don't get how you didn't look for an announcement about npm resetting 2FA. Especially when you get a random reset.
acdha 4 days ago
Because you’re one person with a job which isn’t security, and the world is full of legitimate warnings from companies telling you that you must do something by an arbitrary deadline? They screwed up, but we have thousands of years of evidence that people make mistakes even when they really know better and the best way to prevent that is to remove places where a single person making a mistake causes a disaster. On that note, how many of the organizations at risk do you think have contributed a single dollar or developer-hour supporting the projects they trust? Maybe that’s where we should start looking for changes.