jdupes: it’s great software. The author left GitHub not because of Microsoft, but because he refused to implement 2fa on his account, which GitHub made mandatory.
Well, its importance is IMO overblown. MFA as it’s usually implemented:
sms
email
TOTP
Sms and email are not really secure and TOTP is basically just a second password except you don’t use it directly, but use numbers derived from the password.
The more secure alternatives (hardware keys) are really uncommon even among tech people, let alone the general population.
Not saying I think it’s useless, I use MFA everywhere (because two passwords are better than one) but all in all it’s much less secure than people assume.
jdupes: it’s great software. The author left GitHub not because of Microsoft, but because he refused to implement 2fa on his account, which GitHub made mandatory.
Oh I would not trust software from a developer who does not understand the importance of MFA.
I mean, there’s probably nothing wrong with it, but that’s such a basic security issue that I would have zero faith they built the rest right.
Well, its importance is IMO overblown. MFA as it’s usually implemented:
Sms and email are not really secure and TOTP is basically just a second password except you don’t use it directly, but use numbers derived from the password.
The more secure alternatives (hardware keys) are really uncommon even among tech people, let alone the general population.
Not saying I think it’s useless, I use MFA everywhere (because two passwords are better than one) but all in all it’s much less secure than people assume.
Granted the forms of mfa available without a hardware key are far from perfect. But they are better then no extra authentication method.
A good plan violently executed now is better than a perfect plan executed next week
His website has some wild ranting about codeberg too. I’ve been tempted to stop using jdupes.
As have I… But it’s so dang handy. From what I know there is no alternative that is quite as good