Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
tialaramex 2 days ago

> Don’t worry, when they actually target you, you’ll be caught.

When they target me, which happens, it doesn't work because of WebAuthn.

Buy a Security Key. If you think you might lose it, buy at least two more. For critical sites like GitHub (which was targeted here) set up your Security Keys and get into the habit of relying on them. It's the same philosophy as Rust itself, machines are really good at diligently performing a simple task, so don't leave those tasks to human vigilance, that is a foolish misallocation of resources.

immibis 2 days ago | parent [-]

"Your WebAuthn key enrollment period has expired. Please log in to re-enroll a new key."

Something similar to this was in the recent npmjs thing.

tialaramex 2 days ago | parent [-]

I can't find any trace of such a thing, do you have links?

What would it even mean to "log in" if they reject my authenticator ? Logging in is what it's for.

immibis a day ago | parent [-]

You have to log in with your password, of course. And then re-enroll your authenticator.

tialaramex a day ago | parent [-]

So, firstly, this won't actually help them which is why they won't try it. GitHub is aware that passwords are crap and since I have a Security Key it will ask to see my Security Key, "But I know tialaramex's password" doesn't help you.

But also you presented no evidence they can somehow detect their problem and try to ask for the password even if it would help them.