wassup, long time no see :D
like what? 😂😂😂😂
but yeah 👌
Magic Links (just a shittier 2fa) style logins are just fvckin awful, depending on the awful, terrible, and dangerous tech called Email.
What's magic links? It's the thing that sends you email to verify presence.
Can't stress enough how awful everything connected to email is. I lost access to MULTIPLE services because of this shit.
TOTP 2FA is far better and safer.
What's TOTP/HOTP?
HOTP = Hmac-based One-Time Passwords
TOTP = Time-based One Time Passwords
A service, site, app, or your, generate a unique "key" that you have to add into an Authenticator app (like Google Authenticator, Bitwarden, 1password) gives one-time pins/passwords/passcodes. That's done with the magic of cryptography and it's actually safe & secure, proving presence.
TOTP is lovely. It's based on HOTP, where it is based on a counter - the counter should change to be able to get anoother one-time pass/pin/code. TOTP uses time for that counter, and it's actually "one-time" and cannot bruteforce or hack it.
Passkeys are the future. But what's Passkeys?
It's similar to TOTP 2FA, instead it's hardware-based generation. It's a way to sign/verify using cryptography built into your device. Every device nowadays has it. Call it Secure Enclave or whatever - that's it.
Passkeys = biometrics login (face id, touch id, fingerprints)
The State of the art. Resistant to phishing attacks. And so much more.
We are still 1 year before mass adoption, because we are waiting for WebAuthn Level 3 to land.
Until then people land in thhe latest versions of iOS and Android.. USE TOTP 2FA!
We talk about password-less future, but what about email-less?! Every site, app, and service MUST drop emails and passwords. Just username and TOTP code - that's all! That's how TOTP 2FA becomes 1-factor auth that's actually secure.
Here's the catch tho. The greedy assfvcked and broken capitalism never gonna allow dropping email, it's a heaven for marketers and scammers. And YOU, THE PEOPLE, are not what matters. They don't care about you, but your data and spamming you and telling you what to do, what to buy, and what to think.
erm.. no, that's not "easier", it's exactly the same as "editing the articles". The way is to just make another client that actually respects the usual markdown (nip23)
what's ecash/cashu? i keep seeing that? I know there was rebrand of some blockchain to eCash but..
what are cashu tokens?
#nostr #asknostr
Made a thingy ;)
Stateless passwords and keys derivation.
Can be used for a bunch of things, crypto wallets (#bitcoin, #ethereum, #nostr) manager, and a password manager.
Can also be used for storing 2FA secrets.
#software #devel #dev #development #asknostr #intro
Where's the #Nostr #developer community? I want to connect, cuz as dev i have thoughts, ideas, questions.. constantly..
I'm actually going build something cool ;)
Is there some group chat or something?
I mean, i can get deep around Github but.. still.
#nodejs #typescript #rust #web3 #dev #webdev #devchat
nostr:nprofile1qqs24yz8xftq8kkdf7q5yzf4v7tn2ek78v0zp2y427mj3sa7f34ggjcpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcppemhxue69uhkummn9ekx7mp0qyg8wumn8ghj7mn0wd68ytnddakj703s8dt 🤔👆👆👆
Why there's no setting in Amethyst to set a default emoji for likes.. 🤦♂️ duh...
oh anyway, i gound it, the nip5 that i remember pretty clearly i had in the previous account ;d 🤷♂️
nostr:note1zj3wl35va8ft3a7fvhzplazvq2e6cpv97g7t9hsqr6wd76hjnzws0zmm4v
How i get a checkmark? and email beside my username?
oh gosh found the primal wallet email 😂🤦♂️ purpleimpala10@primal.net where do i set it? 😁 oh, i ghink I've noticed a field for that in amethyst 🤦♂️
oh for sure, i even noticed a scam dm here already LOL 😆
now, I'm lazy yo get to the desktop now, so I'm just trying to register from mobile browser, brave on mobile, but firefox everywhere else
probably 😅🤷♂️ I've read some article by the Nos Social team who were on ssb.
any other deep tech dives comparing the two?