Modern Web Woes - I'm mad at the internet

  • 🇵🇦 Nuestro primer dominio localizado está en español en kiwifarms.pa. Our first localized domain is on Spanish on kiwifarms.pa.
  • Want to keep track of this thread?
    Accounts can bookmark posts, watch threads for updates, and jump back to where you stopped reading.
    Create account
This is on you, guys. Unused phone numbers, only one e-mail address, expired cards you used for verification.

These are all your failures, don't blame others for them.
Yeah no. We've arrived at this point in time where username/email with password login is considered not good enough and so if you login from a new location, you'd have to submit a one-time password from SMS or a 2FA app (fine if it's just standard TOTP, extremely jeeted if it requires specific platforms like Authy or Microsoft Authenticator). And as others have said, sometimes you have to verify other details like credit card number and phone numbers too.

You might also have to turn your head left and right while facing the camera, perhaps opening your mouth (literal soyjakking) if you're using some mobile app that demands really high security for one reason or another.

All of these is made worse by the fact that jeets and LLMs handle your personal data now. Instagram just had an exploit [A] last month that let people take over accounts with the Meta AI via account recovery.
 
So, you're missing the point. This whole procedure is about restoring access in case you lose your username and/or password. It makes sense, and in earlier days of the Internet, the 2FA was your first pet's name.
And that's where you're wrong. Account recovery is inherently broken. Security questions? If you fill them in honestly, the answers could probably be found with a bit of OSINTing if the target has terrible opsec.

Though I must concur, it's 2026 and if you don't use a password manager to store your account details, you might be dumb
 
And that's where you're wrong. Account recovery is inherently broken. Security questions? If you fill them in honestly, the answers could probably be found with a bit of OSINTing if the target has terrible opsec.
Sure, that's why it isn't done anymore. Probably half the darknet population knows my first pet's name by now. But those things have been replaces by TOTP and other measures, and they have worked very well for me, but I still have that phone number and e-mail address from 2001, and a few more for redundancy.
 
There comes the point in time where you just give in and use a standard authenticator. The only problem is you get a new phone you can't always transfer that. If you had a hardware dongle like they did back in the 90s you would be fine- for one website. YubiKey isn't global enough yet. God forbid you put Faith in Microsoft Hello.

Phone number is also an issue. I was trying to transfer out of one provider and they made it so painful that after paying for it and having no service for 4 months while they held up transfer, I eventually gave up that number. I lost access to several websites.. because I forgot that I used it for secondary authentication.

Complaints about AI and a lack of competent personnel doesn't end here. It took me almost 2 hours to get ahold of someone at Amazon because their AI wanted me to send back scented oil that arrived as a bag of broken glass and leaking. It would not accept the fact that it was hazardous and flammable as an excuse. I sent the human agent a picture from my phone and I was almost immediately reimbursed and told to throw it out.
 
We've arrived at this point in time where username/email with password login is considered not good enough and so if you login from a new location, you'd have to submit a one-time password from SMS or a 2FA app
Username-and-password logins have been a problem since they were first conceived. 2FA fixed this for the most part.
(fine if it's just standard TOTP, extremely jeeted if it requires specific platforms like Authy or Microsoft Authenticator).
Traditional TOTP can be phished. Unfortunately hardware keys are what are required. I hate Authy and Authenticator and think the phishing is unlikely, but IT departments won't budge on it.

I am probably the only guy that is running a Graphene OS phone in the entire company.
And as others have said, sometimes you have to verify other details like credit card number and phone numbers too.
You might also have to turn your head left and right while facing the camera, perhaps opening your mouth (literal soyjakking) if you're using some mobile app that demands really high security for one reason or another.
A phone number / CC is often required because services will be abused otherwise.
KYC is often mandated by law, often for financial or anything quasi-financial.

Blame government and/or criminals. I agree it is all shit, but that is because people abuse what is there.
All of these is made worse by the fact that jeets and LLMs handle your personal data now. Instagram just had an exploit [A] last month that let people take over accounts with the Meta AI via account recovery.
I agree. However much of this data collection is now mandated by law.
 
Phone number is also an issue. I was trying to transfer out of one provider and they made it so painful that after paying for it and having no service for 4 months while they held up transfer, I eventually gave up that number. I lost access to several websites.. because I forgot that I used it for secondary authentication.
Ahhh, the smell of freedom when you lose access everywhere because companies are allowed to treat their customers like crap.
In Soviet Evropa, your operator is compelled by law to transfer your number, and do it quickly.
 
In Soviet Evropa, your operator is compelled by law to transfer your number, and do it quickly.
There are certain rules in place that make it easier, but if they're incompetent, they're just incompetent. I had one where I lost a number because the providing service wasn't smart enough to explicitly follow the request- that the losing provider told them (Mostly nationalized now, but not 100% standardized).

My fault for being a poor on Cricket. Worst provider I've ever had.

I'm sick with all of the CSS layovers that are timed to compel you to give up personal information and/or money to read a 2 minute article. No. Go away. If I want to support you, I'll decide to. Put up a damn paywall but still allow search engines to index your shit? Go directly to jail.
 
I'm sick with all of the CSS layovers that are timed to compel you to give up personal information and/or money to read a 2 minute article. No. Go away. If I want to support you, I'll decide to. Put up a damn paywall but still allow search engines to index your shit? Go directly to jail.
Use adblockers to remove them. If their names contain randomized strings, you can try with an asterisk, where possible.
 
Use adblockers to remove them. If their names contain randomized strings, you can try with an asterisk, where possible.
Yeah, I've done that as well as added custom block rules, but some of them used tricks to only render a viewport that is locked when you block the interstitial. If they're that interested in keeping me from reading their site, they've got it.
 
Atrás
Top Abajo