tacticalmook's comments

The interesting thing here is the second edition of this book was released yesterday, and includes two new chapters.


> and includes two new chapters

Specifically, Chapters 12 and 13, on "Wireless LAN Security: 802.11 and Wi-Fi" and "Bitcoin, Blockchains and Ethereum".


It should indeed sound distant and muffled with the composition and temperature of Mars's atmosphere. Saw a neat pseudo-documentary on this not too long ago: https://youtu.be/OeYnV9zp7Dk?t=551


Kind of ridiculous to demonstrate what things sound like while playing eerie random background music over it.


Build a straw man to "represent" a group, then refute its argument to deter the target group from ever joining the discussion.


Down in US. Also Imgur, which is closely related


Down in India


Same here in Germany: imgur and reddit are down, plus a bunch of other sites.


Same in France


The article explains this.


Gravity does not travel at the speed of light. Some speculate that instant (ie: faster than light) communication could be possible by manipulating gravity.


Gravity does travel at the speed of light. This is required by general relativity and was confirmed by observation multiple times[0,1].

[0]https://en.wikipedia.org/wiki/Speed_of_gravity

[1]https://www.forbes.com/sites/startswithabang/2019/07/06/ask-...


Not sure where you got that idea. The effect of gravity does travel at the speed of light (this is why gravitational waves exist).

https://en.wikipedia.org/wiki/Speed_of_gravity


history > recently closed > open n tabs

This does not appear to be available in your full history, though


> It works by asking the browser to show a confirmation dialog in a popup window. Then the JavaScript code can detect if a popup has just been opened and detect the presence of an application based on that.

> ...

> Tor Browser has confirmation dialogs disabled entirely as a privacy feature, which, ironically, exposed a more damaging vulnerability for this particular exploit. Nothing is shown while the exploit runs in the background, contrasting with other browsers that show pop-ups during the process.


Sadly that's not going to fly, since the damage a bad actor can do with your account will generally hurt the service's bottom line.

Consider a game, as an example. A stolen account can be used to play with cheats or to commit credit fraud / chargebacks, and the typical punishment of banning the account is no longer a deterrent. If there's an in-game player market or gifting system, items can even be transferred to otherwise legitimate accounts.


> A stolen account can be used to play with cheats or to commit credit fraud / chargebacks, and the typical punishment of banning the account is no longer a deterrent. If there's an in-game player market or gifting system, items can even be transferred to otherwise legitimate accounts.

How is that hurting the company? It would mostly hurt me as the original account holder. Except for the cheating, but that can just be done with a newly created account as well, so the only thing the fraudster would gain is not having to create an account.


The general public has trouble discerning responsibility among multiple corporate citizens working together. Remember the "iCloud hack" from last decade was not actually a hack at all, just stealing passwords and downloading videos/images from cloud storage. Incidentally, that prompted Apple to turn on 2FA for all accounts.


...when in reality, all that was probably necessary was some password strength requirements including a check for previously leaked passwords.


Password strength requirements are an anti-pattern: they force users to pick passwords from a pre-determined list the algorithm comes up with, rather than passwords they can remember.

Even with the most secure password, it is still useful to have an additional gate to get past before being able to perform any actions on your account. You are in control; you could deny the 2FA for an attacker just by doing nothing, whereas kicking an attacker out after they've logged in with your password is a lot more difficult and requires active action on your part. I remember being paranoid checking the list of recent sessions (and clicking the "end all other sessions" button multiple times a day) in the old Gmail design, and also giving up as keeping an eye on that list 24/7 was futile and a waste of time. With 2FA, I don't have to.


2FA is great when you want it on an account. If it’s being forced on you however, it’s insanely irritating, often for no reason. The user should have the power to decide if that information is worth the extra protection.

To your point, what is an anti pattern is requiring certain special characters or a certain mixture of character sets while ignoring other valid safety approaches such as password length IMO. Regardless, if a user is constantly resetting their password due to forgotten password, that amounts to 2FA because of the emailed reset tokens anyway. Modern users have adequate access to password managers that it should be simple to put them back in control.


Rules like "At least one special character" are silly. But I like estimator-based (e.g. zxcvbn) strength requirements. Plus checks against a blacklist like HIBP.
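An added example, not part of any comment above: a password check that drops composition rules in favour of a minimum length plus a leaked-password lookup, as the comments in this subthread suggest. The lookup is modelled on the hash-prefix range format used by HIBP's Pwned Passwords service; `fetch_range`, `LEAKED_SAMPLE` and the counts are constructed stand-ins so the code runs offline, and the strength estimator is left out.

```python
import hashlib

# Constructed sample of "previously leaked" passwords with made-up counts.
LEAKED_SAMPLE = {"password": 1000, "Password123!": 250, "qwerty123": 75}

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(leaked):
    """Group SHA-1 hashes by 5-character prefix, one 'SUFFIX:COUNT' line each."""
    index = {}
    for pw, count in leaked.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return index

RANGE_INDEX = build_range_index(LEAKED_SAMPLE)

def fetch_range(prefix):
    """Hypothetical stand-in for the network call; only the prefix is sent."""
    return "\n".join(RANGE_INDEX.get(prefix, []))

def breach_count(password, fetch=fetch_range):
    """Return how often the password appears in the leaked set (0 if absent)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip() == suffix:
            return int(count)
    return 0

def evaluate(password, min_length=12):
    """Return (accepted, reason). No character-class rules are applied."""
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    seen = breach_count(password)
    if seen:
        return False, f"found in leaked-password set {seen} times"
    return True, "ok"

if __name__ == "__main__":
    for pw in ("Password123!", "qwerty123", "maple lantern orbit quilt"):
        print(repr(pw), evaluate(pw))
```

`Password123!` would satisfy a typical "upper, lower, digit, special" rule yet is rejected here because it is in the leaked set, while the all-lowercase passphrase is accepted.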


That's not surprising to me. Discord offers free hosting for a feature-rich IRC and group voice service. Nobody else did that.

A gaming clan no longer needs to maintain their own Teamspeak/Ventrilo server + their own website and forum. The convenience of having it all in one centralized program wins out over Discord's UX oddities, privacy concerns and more recent bloat. This ease of use also lowered the barrier to create a clan, so it captures a larger audience than its predecessors ever did. And yet it still provides powerful tools for moderation and user permissions, an API for chat bots, video streaming...

