# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 15
# self = https://watcher.sour.is/conv/5vhbxtq
Recommendation of today:
https://github.com/rsc/2fa
Instead of using your Phone, Google Authenticator, Aegis or something similar, get your 2FA/TOTP codes from the terminal.
@eaplmx This is _actually_ pretty cool and along the spirit of UNIX 👌
> Do one thing and do it well!
I like it 😍
@eaplmx That looks interesting. 🤔 I’m still wondering how meaningful 2FA is in general. I use a password manager, so every site gets a unique 64 character password. So I guess my password manager is the main target of an attack, right? Someone needs access to my computer(s) for such an attack. Okay. But if I do 2FA, I’m basically forced to use a persistent browser profile (like everybody does anyway – mine are usually ephemeral though, all cookies deleted on exit), so doesn’t then *the browser* become the main target? If someone can attack my password manager, then they can also easily steal those cookies (and 2FA won’t help much). 🤔
(In a corporate setting, 2FA makes much more sense. Example: An employee has access to a password. When he gets fired, he could have easily copied that password to a private machine or written it on a piece of paper. So the password *must* be changed now, meaning you have to keep track of all passwords he had access to and so on. But if 2FA is involved here, the password isn’t enough. Big win. // This scenario does *not* apply to my private use, though.)
@movq Interesting and valid points 🤔
The answer is long. I'll summarize that the purpose of 2FA is adding a layer of security in the easiest way for the user (then we arrive at disasters like SMS).
A long topic but twtxt.net is trimming my text on mobile, I'll try on the laptop later 🙂
If we are using key pairs, maybe the 2FA is not that needed. I'm looking forward to using them on the Web, but the attempts have failed many times.