#and log on to my email with a two-factor app | Explore Tumblr posts and blogs

ms-demeanor · 5 months ago

Note

I'm not the most security savvy but two-factor authentication makes me deeply suspicious. Is it actually more secure or is it just annoying? Especially the ones that send a code to your phone that pops up in your notifications.

It is genuinely, massively, TREMENDOUSLY more secure to use 2FA/MFA than to not use it.

One of our clients is currently under attack by a group that appears to be using credential stuffing; they are making educated guesses about the accounts they're trying to lot into based on common factors showing up in the credentials in years of pastes and breaches and leaks. Like, let's say it's a professional arborist's guild and their domain is arborist.tree and they've had three hundred members who have had their credentials compromised in the last ten years and the people looking at all the passwords associated with arborist.tree noticed that the words "arboreal" and "conifer" and "leaf" and "branch" show up over and over and over again in the passwords for the members of the professional arborist's guild.

So they can make an educated guess for how to log in to accounts belonging to the tree-loving tree lover's club, combine that with the list of legitimate emails, and go to town.

And they are in fact going to town. We're getting between 1000 and 4000 login attempts per hour. It's been happening for a couple weeks.

And every single one of those attempts is failing - in spite of some pretty poor password practices that believe me, I have been doing some talking about - as a result of having MFA enforced for the entire group. They all use an app that is synced to their individual accounts with a mobile device, except that sometimes you have trouble getting a code when you're up in a tree so some of them have physical MFA tokens.

People try to sign into my tumblr sometimes. To those people I say: lol, good luck, I couldn't guess my own password with a gun to my head. But if I *did* have some password that was, like "tiny-bastard-is#1" they would also need access to my email address because I've got MFA set up on tumblr. And to THAT I say: lol, good luck, it's complex passwords and MFA all the way down.

Of the types of MFA that most people will run across, the most secure to least secure hierarchy goes physical token>app based one-time-passwords>tie between email and SMS. Email and SMS are less preferred because email is relatively easy to capture and open in transit and cellphone SIMs can be cloned to capture your text messages. But if you are using email or SMS for your authentication you are still miles and miles and miles ahead of people who are not using any kind of authentication.

MFA is, in fact, so effective that I only advise people to turn it on if they are 100% sure that they will be able to access the account if they lose access to the device that had the authenticator on it. You usually can do this by saving a collection of recovery codes someplace safe (I recommend doing this in the secure notes section of your password manager on the entry for the site in question - if this is not a feature that your password manager has, I recommend that you get a better password manager, and the password manager I recommend is bitwarden).

A couple weeks ago I needed to get into a work account that I had created in 2019. In 2022, my boss had completely taken me off of managing that service and had his own account, so I deleted it from my authenticator. Then in 2024 my boss sold the business but didn't provide MFA for a ton of the accounts we've got. I was able to get back into my account because five years earlier I had taken a photo of the ten security codes from the company and saved them in a folder on my desktop called "work recovery codes." If you are going to use MFA, it is VITALLY IMPORTANT that you save recovery codes for the accounts you're authenticating someplace that you'll be able to find them, because MFA is so secure that the biggest problem with it is locking people out of their accounts.

In any kind of business context, I think MFA should be mandatory. No question.

For personal accounts, I think you should be pointed and cautious where you apply it, and always leave yourself another way in. There are SO MANY stories about people having their phones wiped or stolen or destroyed and losing MFA with the device because they didn't have a backup of the app or hadn't properly transferred it to a new device.

But it's also important to note that MFA is not a "fix all security forever" thing - I've talked about session hijacking here and the way you most often see MFA defeated is by tricking someone into logging in to a portal that gives them access to your cookies. This is usually done by phishing and sending someone a link to a fake portal.

That is YET ANOTHER reason that you should be using a good password manager that allows you to set the base domain for the password you're using so that you can be sure you're not logging in to a faked portal. If your password manager doesn't have that feature (setting the domain where you can log in to the base domain) then I recommend that you get a better password manager (get bitwarden.)

In 2020 my terrible boss wanted me to write him a book about tech that he could have run off at a vanity press and could give to prospect customers as a business card. That was a terrible idea, but I worked on the book anyway and started writing it as a book about security for nontechnical people. I started out with a very simple statement:

If every one of our customers did what we recommend in the first four chapters of this book (make good backups, use a password manager and complex unique passwords, enable MFA, and learn how to avoid phishing), we would go out of business, because supporting problems that come from those four things is about 90-95% of our work.

So yes, absolutely, please use MFA. BUT! Save your recovery codes.

830 notes · View notes

dearfuturehusbandblog · 10 days ago

Text

Guys, Guys, Guys (Pt2)

Dear Future Husband,

Would you like to meet a bunch of dudes who aren't you? Well, get ready to, because this is fun. lol

I would love to actually just screenshot some of their messages because some of it is wiiiiiiiild.

For now I'll present one guy.

I've shared my radical honesty dating profile here ages ago (which has gone through a few renovations, but is ultimately the same lengthy essay that has a bunch of gatekeeping notes - "all the reasons you shouldn't date me" type stuff). Now, since I shared that, I've hardly checked the site and for almost a year now, I actually had my profile disabled, since I had a lot of other stuff going on and didn't want to deal with it. But then, someone mentioned something to me about something they saw on the site and I reenabled to go look and totally forgot to disable again when I logged out. So I didn't realize it was sitting there open since Pesach time.

But how did I find out it was still open? I'm glad you asked. Well, it turns out that I needed access to an online account I set up years ago and I couldn't remember which email address was the login, since I couldn't access it with the three logins I knew about. So I went searching through all my email addresses (and yes, I have a ton of them for different things, long story). And when I opened the one associated with that form, I saw someone had actually figured out my sneakiness and emailed me through my website.

So, let's start with the guy who emailed before we get into the site messages.

Now, I had put a couple of easter eggs in my profile, two of which were phrases they were supposed to use when they contacted me so that I knew they read it, and the message above didn't include either. So I congratulated him on being the second person ever to figure this workaround for communication and then said I would be remiss if I didn't point out he used neither of the phrases.

He responded that he did... when he messaged me on the app. Well, buddy, I said in my profile that I couldn't read messages there because I don't have a paid account. But aside from that, I checked my chats and there were no requests from him there.

He also said that in those messages he included a short intro about how he's divorced with kids and why his demographic likes me, despite me saying I wasn't particularly interested in that demographic. Unfortunately, he couldn't figure out a way to screencap the messages to show me and they were not popping up at all on my end.

I asked what he liked about my profile and he said, "What I liked was your whole drasha about all the reasons your relationship likely won't work out. I found that ironic, brave, strange and strangely appealing. I've never seen anything like it." Which was very kind, and I told him so.

We chatted briefly about possibilities for why his message wasn't showing up on my end, during which he referred to himself as being in the "dreaded demographic" to which I responded:

Like I said in my profile, context matters for how/why someone ended up divorced, with or without kids, but having seen first-hand dysfunction with divorces, it's just a strong preference to not be embroiled in the drama when I have so much of my own already. 🤣 But I do have friends from divorced homes who married divorced guys with kids and bli ayin hara they seem really happy, so I know it's a doable thing, especially with good communication and coparenting. In general, I'm open to conversations with almost anyone because "ya neva know" and also, even if someone I talk to isn't for me, maybe I know someone for them, which I guess is also kind of a "ya neva know" thing. Lol

And then I mentioned something I hadn't included in the profile - that I'd like to make aliyah in 3-5 years. That will depend on a lot of factors, obviously, but he can't move since he shares custody with his ex. So this was my first hint that I wasn't really interested.

He then asked my full name and gave me his phone number for whatsapp. I stupidly gave my full name to "reciprocate" since he'd used his in his email signature, but I refused the phone number thing.

Apologies, but I don't give out my phone number to people I'm not super close with. This may sound nutso, but I feel like it makes things too casual, and as a schmoozer, that can lead to lowered inhibitions and crossed boundaries, which isn't my intention, and I feel that needs to be clear. While I can be friends with almost anyone, as a general rule, I don't have male friends. I have work colleagues and friends whose husbands I'll chat with whenever I see them, but I don't make a habit of texting with guys "for funzies," if that makes sense. I hope you can understand and don't take any offense.

To which he responded with a very interesting response...

I understand. It’s interesting that in your dating profile you also wrote something to the effect of your conversations “get strangely intimate,” or something like that. I don’t judge, as I am lonely and can easily fumble and fall in this area. But you’re very forthcoming about things that others are often ashamed of.

Now, pray tell—what are your intentions?

And if you don’t want to converse by text or phone, do you have dialogues over email? How does that work out for you?

Interestingly, while I haven’t had any “intimate” conversations by email in what are probably decades, way back when, before WhatsApp and other social media, emails had more potential and promise for intimacy and crossed boundaries. I remember as a bachur how my palms would sweat and my heart would pound when I got an email from the seminary girl I was into at the moment. Man, how things have changed!

Since I didn't respond right away, 20 minutes later he felt the need to clarify:

I guess I’m asking how you intend to date via email.

Which is a fair question, but my goal was never to date fully by email. It was to vet people by email the same way people do by chat on these websites. If I see potential, then we move on to the next phase. I'm not sure why that wasn't somewhat obvious....

I responded with my classic over-explaining lengthy essays, breaking things down by each point he touched on.

lol Yeah, by that I mostly meant that I'll have what I think are just fun on-off conversations with people, joking around, and then suddenly they're like "can I take you out sometime" and I'm like "uhhhh I thought this was just a light-hearted chat" and when I rebuff advances, the response I get is often them trying to convince me why my reasons for not wanting to go out with them is wrong. Unfortunately it happens online too, so I've had to block some guys in the past, but I find it way easier to block emails and profiles whereas, if they have my phone number, who knows what the heck they're gonna do with it, you know? I can believe most people aren't ill-intentioned, but when people get emotional they do irrational things, and I'd rather not be the punchline in that learning experience. It's kind of a "trust but verify" thing for me.

And I got into the whole "older lonely" thing, commiserating with how it is quite difficult and sharing an anecdote of a friend who is divorced with two kids, one just becoming bar mitzvah, and how she's shared stories with me of things she's done on dates with guys who claim to be frum.

I also explained that since I didn't realize the profile was open, I didn't really have any "intentions" because I wasn't really expecting to hear from anyone during that time. I also took the opportunity to download the app and see if his messages had come through (they hadn't), but when I had the app open, I learned that I could actually read the messages that were hidden behind a paywall on the website. So, that was a chiddush. And I shared with him how many guys had messaged with similar usernames but not the one he told me he used.

I took a slight tangent to share a message I discovered I'd received a few years ago from one guy in particular (which I will share shortly here) and then said:

All that to say, I'm super aware that my profile is a deterrent to most guys. That's kind of the point, if he actually took the time to read it (which he claimed to have). I'm not really all that interested in wasting time and energy (both emotional and physical) on people who are vying for my attention but aren't good matches. I understand we have to do our hishtadlush, but I also believe that everything happens when and how it's supposed to when we trust that Hashem is guiding the ship (even if a lot of those things suck big time). That means that I don't have to waste my time on people like that dude, no matter how triggered he was by what I wrote.

So I guess my "intentions" are... I'm not really sure... Since, until I saw your email, I didn't realize my profile was still open... But in general, I feel like on occasion it's important to test the waters and see what's out there. I can't claim to want to meet a guy but be a hermit all the time. At the very least, to give Hashem an opening through which to make miracles happen. And I think that can happen through email. At least to start, anyway. I can get a sense of who someone is, how they express themselves, whether they write with tons of typos and just don't care lol, and if things seem to be going well, at that point I'd coordinate a video chat or in-person meet-up. Kind of like using the chat on the app/website, but with a larger character count and better formatting.

To me email feels a bit more formal, at least nowadays. As media changes, I think the way we utilize them changes too, and while I used to be way more casual with email and had everyone call my home phone, now that we have phones in our pockets, I find those to be more personal and email to be more formal.

Also as I said in the profile, I think I'm a better writer than orator, so I find it easier to formulate my thoughts and not say things that I shouldn't say (not even for bad reasons, just cuz it's unnecessary or too much, which seems ridiculous considering how much I've already written here...) but I did warn that I'm a talker and over-explainer.

There was some other stuff thrown in, but that's the gist of it. Most of it was pretty generic explanation, not really personal. And I literally started off by explaining that because my personality is pretty approachable and agreeable and fairly funny, a lot of guys seem to take that as if I'm way more interested in them than I am.

But then, his response....

Okay, wow. So much to respond to! But I'd rather speak on the phone.

You clearly love (and are excellent at!) writing, but my profession (I'm an attorney) has squeezed all of the joy out of writing. (I used to write a lot; maybe I'll tell you about it another time.) So, while I understand your rationale for sticking to email, to me it's joyless, burdensome, inconvenient and alienating. And if the alternative creates temptations, so be it. We're grown ups trying to navigate and negotiate our love lives (or lack thereof), and the risks are inherent and inescapable. I once actually asked (for a friend, of course) a rabbi about whether a person should date even if they know they have a propensity for violating the laws of shomer negiah, or if it's better to just not date and stay single. He said the former is preferable; you deal with the temptations (and failures) as they come, but you aren't free to avoid the struggle just because the risks and liabilities are high.

I infer from your email that you're a real tzanuah. You are shocked that divorcees are fooling around, and the raciest conversations you ever had were with your chassidishe coworker about mental health subjects. While I admire your innocence, I am many, many, many miles away from you...

And yes, I like puzzles.

Looking forward with sweaty palms and a racing heart.

So, he basically starts with taking what I said as more interested than I am. He explained why, but also told me straight up that he wants to violate my boundary of no phone until I'm comfortable enough with how a conversation is going to make it person. He includes that he's clearly struggled with things like being shomer, which for me is a non-negotiable in my lie. And he ends with the line "sweaty palms and racing heart" basically saying that he's in to me in a way that I'm really just not.

And.... my guy.... no.

Just... no.

An hour later, at 2am, he follows up with:

Can you please remind me how old you are? Also, I think I recall from your dating profile that you’re politically conservative. Is that right? MAGA?

Like, what?

Honestly, I should have just responded "yes, i'm all gung ho for trump and musk." But I didn't read his message in the tone I should have...

Because I passed out on the couch and read his responses when I checked my phone at 3am right before I moved to my bed, I was half asleep when I read them and was immediately turned off by all of it. I drafted a response, which I then sent later without reading any of it again.

Kinda sounds like we're on different paths in life and looking for different things. But let me know if you want me to try connecting you with my divorced friend, since it sounds like you guys may be in a similar velt. lol She's the same age as me (36ish) with two kids, her oldest is just about bar mitzvah now. And, despite a lot of my stricter opinions and hashkafos, I'm more of a centrist with conservative leanings but that wasn't really an option when filling out the profile. Definitely not a MAGA. I thought both Trump and Biden/Harris sucked as options, and if I'd actually made it to the polls on time, I probably would have voted third-party. I used to be registered as a libertarian, just to buck the partisan system, but the libertarian party fizzled out and I got a notice it no longer exists in my state, so I think now I'm just an independent, though I don't know for sure. I hate politics. lol

Have an awesome, productive day!

Aaaaaaand his response:

Good morning. How did you deduce what I’m looking for? And what do you think I’m looking for? What do you think my hashkafos are? I actually have very frum hashkafos and am tznius, etc. All I’m saying is that you’re more innocent and dare I say naïve than I am. Is that a “path in life,” as you put it? Or is it a realization that even the best of us stumble and fall? Is it lewdness and uncontrolled lust, or is it a strong desire to connect in a natural, healthy (albeit halachikally premature) manner? I’m shomer negiah and am not looking for casual fun. I’m just saying that I don’t judge and I no longer blush (as you said you do and I should)… And while I’m sure your friend is wonderful, I like you and want to get to know you.

Why does my red-bloodedness (lol) scare you? Would you rather marry someone with weak impulses and no desire? Why does you come across as so passive and avoidant when it comes to shidduchim? Your whole profile is a giant warning to stay away. You said several times that you don’t really care but are just doing hishtadlus, etc. And you scare away so easily. What’s the catch?

—————

I used to be a super-conservative republican. When Trump entered the scene, I became a never-Trump Republican. After January 6, 2020, I registered as an independent. I voted for Harris (not that I like or support her, I’ll just take anyone who isn’t fascist over our president, who is) in 2024. I have severe TDS. I wouldn’t even kiss a MAGA Trumpster. I’m physically repulsed.

But, like, no, sir.

For so many reasons, no.

It might be "halachically premature" if you're already engaged, but when you've been texting back and forth for a couple of weeks and the first time you meet in person you essentially have your hands down each others pants on a park bench.... no. Just no.

I thought what I wrote was the nicest way to get things to end, I mean, we'd only been emailing for like 2 days, but he's immediately confrontational about it all. Like I've offended him somehow by saying I think we're on different paths.

He's mad that my dating profile is a huge warning sign, yet I explained both in a previous email AND in the profile why that is.

I think I rolled my eyes like 12 times just drafting a response, which I also probably shouldn't have done.

But as I said, I accidentally gave him my first and last name, and unfortunately I'm the ONLY one who pops up on google with that name, so a quick search directs to literally just me. And the idea of someone being mad at me and looking me up makes me super uncomfortable.

So the people pleaser I am responded like 13 hours after he sent that.

I think when I first read your response it came off a bit flippant and more casual than I tend to be when setting boundaries, particularly towards things like shomer negiah. I think znus is one of the greatest struggles of our generation and breaches of shomer negiah are a symptom of that. I’m far from innocent when it comes to exposure of inappropriate content, even though I generally attempt to maintain a clean mind and life, and prefer to come off as someone more tamim, because that's my ideal life, even if it's not my real life. (Dress for the job you want, and all that, you know what I mean?) Despite being interested in a lot of content I'm aware I shouldn't touch with a ten foot pole, as you said, we're not infallible, and overcoming those struggles isn't easy, particularly in light of how young I was when I was first exposed to some of this stuff.

You asked "Is it lewdness and uncontrolled lust, or is it a strong desire to connect in a natural, healthy (albeit halachikally premature) manner?" and I don't think those things are always mutually exclusive. As humans are complex creatures, I think it can be all or any combination of those things, but that doesn't make it right, especially when there are young children involved and the goal is to raise them to be talmidei chachamim, as is the case with my friend. She spends so much time and energy getting her kids into the right schools and tutored by the right rabbeim, and then she's on a park bench where anyone can see doing things she shouldn't be doing? It makes it worse that she's basically giving the guys what they want and then they disappear and stop responding to her, so she's left with a whole lot of "what did I do wrong?" which is terrible for her mental health and affects her ability to see herself as worthy of remarrying a great guy. I get the loneliness, I get the frustration, but kids absorb the energies of their parents and what she's giving off are not healthy vibes. But that's just my opinion. I obviously can't know exactly what goes on in her life or her home, I just know how she comes off to me when we talk. And that's not an indictment of everyone who does the same things, because everyone has their own toolbox of experiences that colors their decision making and the thought process around it. Some people are built for one-off encounters like that. But I don't believe most are, and I think it would take a hell of a lot of convincing evidence to prove to me that they are.

As for the "passive and avoidant," like I said, I honestly didn't realize my profile was open until you messaged, and I wasn't actively seeking a relationship in my current zman. My mom's health is rapidly deteriorating, I had to basically close up the business I was working at previously in like three days almost single-handed and got super sick, and I just started a new job about a month ago that I'm still adjusting to. Due to some life stuff I was unable to work for about 6 months last year, so I'm still making up for a lot of financial and medical stuff that came up, and things have just been a lot lately. I'm not so much avoidant as just busy and preoccupied, if that makes sense. And my profile is a big "don't waste my time" because (aside from my strong opinions on certain matters) my overall personality is pretty agreeable and inviting, which makes keeping lines clear a difficult challenge, particularly when it comes to rebuffing advances from guys I don't see as a good fit. As I said, I'm a schmoozer, and I can befriend almost anyone, but that doesn't mean I want to marry just anyone. I've seen a ton of dysfunction in my life, particularly in my own family, and I'm not interested in repeating those patterns. If that means surrounding my property with warning signs, so be it. But I feel I need to be clear about where I stand on certain things, particularly those that are essentially deal-breakers. Why waste my own or anyone else's time? We all have enough going on in our lives that shidduchim shouldn't be the complex mess that it's become today. Like, if it came to parnassa you wouldn't waste 3 months going through an application and interview process with a company just to find out the day before they're ready to hire you that you'd be sacrificing 80% of your time for 1/3 of a livable wage. Those things should be figured out immediately. So why would you waste weeks, and emotionally invest yourself in someone who isn't going to meet you where you're at physically, mentally, and spiritually? Best to get some of the big things out of the way first and if those are not deal-breakers, move forward from there.

But again, that's just my personal perspective on things, based on my lived experiences and the things I've witnessed first-hand. To that end, I should clarify that it wouldn't be "scared off" so much as quick (albeit, possibly impetuous) decision making, based on vibes. And that's something we're all entitled to do. Nobody gets to force anyone to be their friend, and in the case of frum relationships, as I said, I don't really do casual friendships with guys, so if I don't see something as a possibility for myself, I feel it's only fair to let the other party know instead of jumping to blocking or intentional ghosting. But that's kind of where over-explaining trips me up because as you can see, I can't get my fingers to shut up. lol

Interesting perspective on the politics thing. I don't think I know a single other person who voted for Harris. Ok, in the frum world, at least. I have no idea what my super liberal non-frum relatives did, but considering they tend to vote with their party and they'll never not be democrats... I'd assume they voted Harris. And most people I know aren't super rah-rah-Trump anything. They seem to view him as a means to a particular end - friend of Israel. I think I only know one person who's become an insane Trumpster, but around the same time she also became a crazy yechinik and started hocking MLM stuff, so.... yeah, I think she's gone off the deep end in more ways than one.

He messaged back pretty quickly:

Before anything else: what’s MLM?

So I explained that multi-level marketing is like pyramid scheme stuff that people hock and generally target their friends first on social media.

His response at 8:51am:

Gotcha. Thanks. I wish you and your less innocent friend all the best! Have a wonderful and successful life. I hope your mother does well and feels good.

And then at 1:37pm:

Just to clarify: I'm pulling the plug because it seems to me that you aren't interested in a relationship with me. I completely understand your rationale for not giving me your number, but the fact remains, you didn't give me your number. lol. So it is what it is. You seem very cool (and definitely very smart!), so things will IYH work themselves out for you. If you want to give me your friend's name, feel free to do so, but you don't have to.

And then at 9:56pm:

I feel like I disappointed you with my bluntness, and I'm sorry. I just understood your metaphor about the job application to mean that I should just gtfo.

Now, granted I'd been able to respond in the middle of the day for the most part over the LITERALLY JUST THREE DAYS we'd been emailing, but are people not allowed to have busy days and not respond immediately?

And... MY GUY... OY.

I'm pretty sure I had made several attempts at letting him know gently that this wasn't something I was interested in pursuing. So him saying goodbye was kind of a relief. Until he followed it up. Twice.

I responded the next morning:

Good morning! Totally not offended here. Yesterday was just super crazy at work and I had to run some errands after that were more involved than I thought they'd be. When I got home I literally just passed out on the couch, didn't even eat dinner or anything. #funlife

I messaged my friend asking if she was interested in me sending her info on a guy and she said she's actually seeing someone right now, which seems to be a new thing. If anything changes, I'll let you know!

His reply:

I was hoping you’d respond that I misread you and you actually are interested in me.

MY GUYYYYYYY. NOOOOOOOOOO.

At this point I realized I'd have to be more firm. So I responded:

Sorry, another crazy night helping people until too late to function. lol Honestly, if I did casual friendships with guys, you seem like a fun dude I’d probably hang out with. But since that’s not something I’m interested in, I’ll have to regretfully decline your advances. It may be primarily on my end, but I just don’t feel there’s compatibility here, especially in this season of my life. If it’s not right for one of us, it’s not right for both of us. That said, the right person is out there for each of us somewhere! I truly believe everything happens for a reason; maybe we’ve learned something from this interaction, or maybe we’ll think of someone for each other. If I think of someone who might be a great fit for you, I’ll definitely let you know! Shabbat Shalom!

And his final response:

Ok, good shabbos.

I can only hope that's the end of that.

I literally explained in the profile that this happens. I reiterated that in the email chain. And yet.... it happened again.

I'm really working on my ability to make things clearer and firmer but as someone who has a constant fear of offending people, it's really a difficult thing.

Suffice to say, my dear future husband, this man is, was, and will never be you.

I wish him the best, I truly do, and I believe there's someone out there for him, but I am not her. For so many reasons, no, dude. Just... no.

(more to come)

-LivelyHeart

Edit:

Ok, it's been 2 days since I posted this, but almost 10 days since I stopped emailing back and forth with this guy.

And this morning I woke up to this notification on my phone:

Yep. Same guy.

How many times do I have to say MY GUYYYYY.... NOOOO.....

🤦🏻‍♀️🤦🏻‍♀️🤦🏻‍♀️🤦🏻‍♀️🤦🏻‍♀️

#jumblr #frumblr #orthodox #jewish #frum #dating #jewish dating #shidduch dating #shidduch #shadchan #shadchanim #shidduchim #i am the shidduch crisis

16 notes · View notes

imsobadatnicknames2 · 1 year ago

Text

Microsoft's two factor authentication bullshit is getting so fucking wild that now I need to have a whole fucking app on my phone just to be able to log into my work email on my computer.

Sorry but if entering my fucking password doesn't immediately log me in but instead gives me a numeric code that I have to copy into an app on my phone and then entering that code prompts me to confirm my identity by either using the fingerprint sensor or entering my phone password then guess what. I'm gonna end up checking my work email a lot less often. Sorry if I miss an important email maybe consider using an email service that doesn't make me jump through five million hoops to log in.

It's not like we NEED this level of security I'm a fucking English teacher I'm not gonna have sensitive state secrets in my email inbox or some shit ffs. At this point what's even the point of having fucking password in the first place.

38 notes · View notes

hyumjim · 6 months ago

Text

Th stupid app they make me use every day for two factor authentication at my job loves to ask me “are you enjoying the app.” Don’t ask me no stupid fucking question. Duo mobile is so fucking needy everyday “DO YOU LIKE ME????” Like yeah every day when I hit the big green button to log into my work email I get so excited there’s nothing I love more than opening my work email so I can get work emails at work. “Are you enjoying the app.” Fuck.

11 notes · View notes

bowtiepastabitch · 1 month ago

Text

Digital Information Age my ASS we live in HELL. My computer is fucked up so I try to buy tickets for dashcon on my PHONE it wants me to download an app I say NO I try to get the tickets and they ask for a code so I go get the code and when I come back it’s kicked me OUT but they did take my MONEY so I don’t even know if eventbrite bought my ticket or NOT but since you lose everything when you leave the tab I have NO WAY to check and when I try to log into PayPal again my phon just tells me to go FUCK myself and when I try to read an article I can’t even SCROLL because there’s so many GODDAMN ADS and even TUMBLR for which I DID download a fucking app STILL doesn’t work as well as it did on my computer and when the FUCK did we decide that a phone should be a SHITTIER computer that lives in your pocket where websites DONT WORK and apps are required but they only KINDA work but everything needs two factor identification and pushing a pop up on my phone to confirm the freak using my computer is me and and emails that are treated as urgently as text messages so I can’t even throw my phone in a lake and be done with all this shit because you need a smartphone to do EVERYTHING these days. I fucking hate it here and I can’t wait to smash this thing with a hammer one day.

#anywho this has been my old man screams at sky moment for the day #the fact my generation is supposed to be the tech loving ones and I just #I hate it I hate it I hate it #why are people my age buying important shit like airline tickets on these stupid little boxes they’re so untrustworthy #get me the fuck out of here #and then gen alpha after us doesn’t even HAVE computer skills because they do everything on their phones #what the fuckkkkkkkkkkkkkkkk

4 notes · View notes

th3-c0ll3ct3r · 2 months ago

Note

1. Tubbo confirm himself in the clip that he only kissed her, to which she later confirmed it too. As pre the video

Tubbo made the video and She would confirm it AFTER the hacker had allegedly made the post.

Let me help you, hacker did their job -> Tubbo made the video -> She confirmed it. Then how did the hacker make such a lucky guess about what happened that night in Tubbo's house?

I didn't have to go past the first point for it. Didn't even use my two degrees on Physics. Can't believe what they are feeding these IT students these days ....

"HoW dId The HaCkEr MaKe SuCh A LuCky GuEsS?"

THE VIDEO IN QUESTION WAS FILMED WAS FILMED A YEAR AGO OF HIM AT A PARTY WITH HER, AND ALL HER FRIENDS AS THEY DRANK

youtube

My goodness it would take a genius to be like "Hey I'm making allegations that they both got drunk (as shown in he video from a year ago) and Tubbo S/A her while drunk"

To which they allegations never specified WHERE THEY WERE it only specified part they were at

So Tubbo, confused as fuck Tubbo, said they came to there place, kissed and then talked about Jazz

Them going back to Tubbo's place wasn't even in the original allegations

Bitch if I went to a party, got drunk, PUBLICLY POSTED ABOUT IT ONLINE, and then someone was like "(me) was harassed by xyz", I'D BE SO FUCKING DUMB BECAUSE THEIR EVIDENCE WOULD BE THE VIDEO FROM A YEAR AGO. WHY THE FUCK WOULD SOMEONE INCRIMINATE THEMSELVES

Now dear clear idiot. I shall explain how 2-step verification works and how it didn't work in this case. AhEm

1. 2-Step Verification is as it sounds, in which after attempting to log on to a platform, the platform holders will either send a text message (through phone number) , email/gmail/AOL (if your old), notification or another form of communication to ensure the person login in is actually, ya know, you.

2. 2-Step Verification became a thing on TikTok, official and refined, on February 2025 (very late tbh)

3. Your young people don't know that back in my day TikTok didn't exist. OMG HOW COULD THIS BEEE??? Because it was called Musicly before it rebranded to tiktok

And since Musicly was primarily a kids/teens/young adults app, who tf is hacking a child's account?? Ya know?

So up until before that point Musicly also didn't have 2-Step Verification. Which is important because that means this security measures didn't transfer over because they didn't exist

4. Listen Leandra is by no means old. But I will rest a hand on your shoulders when I say, Gmail was created in 2004

And if you were a kid/teen around that time, you were young enough to get a Gmail with your actual name, like full legal, government, on yo birth certificate name

Why this important? Because if your primary Gmail/email/AOL, if your full legal name or part legal name, then people have a higher chance of just guess your email or, putting down "forgot password", then linking it to their email address, getting the rights to change the password and then bam.

The only way this cannot happen is if you manual lock your Gmail to only known devices (but fr that takes to long ngl and plus you won't be able to work on something if you can't access the device that has the rights to your email and additionally if you lose that device then it's game over, try again, pack it tf up)

So if she made her Tiktok account via any of the emails, then it's done, sorted, etc...

4.1. Now let's say she made it with her phone number like Tubbo suggested.

You could gain access further:

Having the email/gmail/AOL be linked with your phone number as a contact/emergency contact (idk in what case Google would hit you up but they can ig)

Phising. Look it up. It's spelt with a PH but pronounced fishing. And it's much more common then you think

The most popular phone plan providers in the UK are EE and Vodafone, inwhich if you get a new SIM card in a new phone, you can call them to change the new SIM phone number back to your older on as I'd be more convenient. The thing is, literally anyone could call. Like anyone, all you really need is the either the email/gmail/AOL, or the make and model of the phone, to answer some relatively personal questions (which you can lowkey guess ngl), or live in the same area or they just say screw it and change the number. It's often very useful but THE MOST ANNOYING THING when someone tries to access your account, and depending on WHEN and WHERE you get the card they don't even send you a confirmation text because they assumed your the one calling.

But anyways, you'd only need to realistically find out the first few numbers of her phone number, if you went with this method, trial and error'd it till you got on that's active and you can at minimum text, then just straight up try to login in or call them.

This is a great time to mentioned that Snapchat is lowkey, unintentionally screwing people over with this, because you can check if someone has a Snapchat by their contact or trying to sign in with that phone number cause it'll say the numbers is already in use.

BUT ANYWAYS, it takes about 2-6 weeks to gain access to someone's phone number or Gmail/AOL/Email if they're born pre-2000s to early 2000s

My point being, you could just guesstimate her really name by putting it through bots, checking old posts, being in personal contact with them or like reallllyyyyy putting the effort into guessing

And this is why people are often told to regularly update or change both passwords, email/gmail /AOL password and even update their names to avoid this.

5. Leandra made her social media around 2023, for her official Lovejoy shenanigans, idk what they do tbh

And I'm in no way calling her old... But she's gotta be like minimum 2-6 years older then me putting her in the bracket of people who can get a G/E/AOL (I'm getting tired of writing I tbh) with their actual names

And since 2-Step Verification was a 2025 update on TikTok, it's likely that some people just don't have it because they're too lazy to update or set it up. But even then their are many ways to get around it.

I recommend looking at the BBC guide/explanation of multi-factor verification/ two step verification/ multi-factor verification: https://www.bbc.co.uk/programmes/articles/5VbNf6z14LS7bZ02L1NXcjG/how-to-set-up-two-factor-authentication

And to Look at this BBC bitesize link if you want to know more: https://www.bbc.co.uk/bitesize/guides/zf3bcj6/revision/6

And 6. To follow up on some misconception that I know you're probably gonna throw at me because let's be real here you just hate Tubbo and that's okay. You don't need to justify it, just dislike him and be done.

Misconception 1. For some reason people are saying that her Instagram and Snapchat were also hacked. I don't know if she has a Snapchat because I don't use it, but as for Instagram it has been confirm by many update accounts, people who know irl etc... That the insta is fine!

Misconception 2. Tubbo kissed her. Hahahahhahashhsshshslolklolol. Tubbo is gay, and it's been confirmed by both parties that she kissed him first, and apparently he freaked tf out. Because he's gay. And has been openly gay for like 1-3 years. Bit weird to call him not gay for getting a kiss from one women. Like girl do you not kiss your mom? Tf? No kissing the homies? Terrible friend you are.

Misconception 3. Tubbo cleared the allegations as well as her after the allegations were out... Because how tf are you meant to clear something that's didn't exist?

Misconception 4. The hacker got a lucky guess. Now. Stay with me here. Go find an AI prompter and type 'man and women get drunk at part, write something criminal' OR just use your imagination because you know they're at the same party from a video a year ago. And I literally peeped into my older siblings room and asked them "real talk, a man and women get drunk at a party and leave together, they get to his place and something criminal happens, what is that criminal thing?" LITERALLY the first thing they suggested. Murder was second and tax evasion strats were 3rd.

And finally 7. This is too you. Yeah anonymous asker. You.

Just like DM me because as funny as it is to post about this on twitter and laugh with moots, your cluttering up my page with unnecessary discourse. But your not gonna see this, are you?

Because you, yourself said you didn't read past my first previous point. Sooooooooooooooooooooo

But also also ALSO, if she's confirmed it didn't happen and he confirmed it didn't happen, and she confirmed she was hacked, as shown in screenshots above and previously, then why is this still a talking issue?

SHE LITERALLY SAID SHE WAS HACKED. IT WASN'T HER POSTING??

Like if you gonna be mad at Tubbo be mad that he's idk fight Sapnap or something

But you seem more upset that I'm suggesting the hacker could POTENTIALLY be a gnf fan or Wilbur fan by the way they're uproaring on Twitter. Need I remind you, humbly and respectfully, IT'S FUCKING TWITTER??!

I keep people on the loop, I ain't asking for your what ifs ngl. questions? Welcome. Petty insults and challenge stupidity? Nope.

As you can see with MUCH of my covering discourse and discussion content on both Twitter and Tumblr, I put allegedly on thing that are not 90% to 100% accurate, I stick it on rumours and provide both links and screenshot to back up point because I want to be as honest as possible.

Bro if my favourite mcyt was an asshole I'd hold them too it. If my favourite vtuber was a bitch I'd hold them too it.

But I've provided ample evidence both in my first post and this post with detailed explanation, links and breaking it down into sections, I EVEN LINKED EDUCATIONAL RESOURCES AND EXPLAINED EMAIL LORE AND WHY MILLENNIALS ARE ACTUALLY QUITE OLD

Like it's done. It's over. You ignorance, lack of real world perception, common sense, and critical thinking skills has lead you to a pre-made conclusion that please you and not the actual one. So congrats. Wish I could be that stupid.

And for the record, I got a 100% in both GCSE coursework units on Information Technology, covering a range of different topics including cyber security, and scored a 90% on the test (trust it hurts your hand writing that much)

Furthermore, I backed it up with links, educational links and screenshots reinforcing literally what I said/how it applies.

Don't doubt my intelligence. Doubt your own suckerrrr

2 notes · View notes

bronanlynch · 1 year ago

Text

my biggest grumpy old man opinion is that two factor authentication is evil. can't get into my school email bc the app isn't compatible with my phone, and I can't submit an IT request abt it bc I have to be logged in to access the request form

#tbf i already hated 2fa. couldn't get signal in the library in undergrad and didn't have intl data in grad school #so like. u can imagine how fun trying to use gdocs was #my other grumpy old man opinion is that i hate qr codes. in case u were wondering #dreaming.txt

10 notes · View notes

urdeadbestfriend · 9 months ago

Text

i can’t log in to the ea app without putting in a code sent to my old email i can’t open the email without a different code sent to my old email ok but if i’m trying to get into the email i think we’ve established that i don’t have access to the email. we need to kill two factor authentication

4 notes · View notes

longlivetv · 1 year ago

Text

Tonight on “I am my parents’ personal tech support” I had to log in to my dad’s gmail account in my youtube app on my phone so that I could confirm it was him when he tried log into his account on his youtube app on his phone so that when it tries to two factor authenticate him it actually works. We spent an hour going round in circles because they wanted him to access youtube on his phone when he wasn’t logged in to youtube on his phone. But if some guy in Nigeria wanted to log into his account, no problem, please enjoy his 4,009 emails with coupons to golf stores 🙄

4 notes · View notes

freebroccoli · 1 year ago

Text

Let me look at Coinbase real quick in my browser.

Oh, it logged me out. Let me just log back in with my password...

I need to verify through a notification send to the app on my phone, let me look at the app...

Oh, it logged me out of the app. Let me log back in with my password.

They need to text me a verification code. Good thing that's two factors, which should be enough.

"We don't recognize this device. Click the link in the email we just sent you." Okay, I'll switch over to Thunderbird and click the link in the email...

Oh, it has to be using the phone, not my laptop. Let me get into my email on my phone and click the link...

There, signed in on my phone. No notification. Need to go back to the site in my browser and resend it.

It's not working. Let's try another way to verify.

"We sent you a six-digit verification code by SMS."

3 notes · View notes

nehakumariblog · 2 years ago

Text

How to Recover If Your Facebook Account Is Hacked? Easy Steps

In today's digital age, social media platforms like Facebook have become an integral part of our lives. We use them to connect with friends and family, share our thoughts and experiences, and even conduct business. However, the convenience of social media also comes with security risks, and one of the most common problems users face is having their Facebook account hacked. If you find yourself in this unfortunate situation, it's essential to act quickly to recover your account and secure your personal information.

In this comprehensive guide, we'll walk you through the steps to recover your hacked Facebook account, protect your data, and prevent future breaches.

1. Recognize the Signs of a Hacked Facebook Account

The first step in recovering your hacked Facebook account is to recognize the signs of a compromise. Common indications include:

Unauthorized login notifications: Facebook sends notifications when someone logs into your account from an unfamiliar device or location.

Unusual activity: Strange posts, messages, or friend requests that you didn't initiate.

Changed password or email address: If you can't log in because your password or email address has been changed without your consent, it's a strong indicator of hacking.

Locked out of your account: If you're unable to access your account due to suspicious activity, your account may have been compromised.

2. Immediate Actions to Take

Upon suspecting or confirming a hack, take the following immediate actions:

Change your password: If you can still access your account, change your password immediately. Make it strong by using a combination of upper and lower-case letters, numbers, and symbols.

Log out of other devices: Go to Facebook's Security Settings and log out of all devices to prevent the hacker from continuing to access your account.

Enable two-factor authentication (2FA): Set up 2FA to add an extra layer of security. This usually involves receiving a code on your mobile device that you'll need to enter when logging in.

Check your email account: Ensure that your email account associated with Facebook is secure. Change its password and enable 2FA if you haven't already.

3. Report the Hacked Account to Facebook

To report your hacked account to Facebook, follow these steps:

Go to the Facebook Help Center.

Navigate to the "Security and Login" section.

Click on "I think my account was hacked or someone is using it without my permission."

Follow the on-screen instructions to secure your account and recover it.

4. Recovering Your Hacked Account

Facebook provides a dedicated recovery process for hacked accounts. Follow these steps to recover your account:

Visit the Facebook Account Recovery page.

Enter your email address, phone number, or Facebook username associated with your account.

Follow the instructions to verify your identity. You may be asked to provide a photo ID or answer security questions.

Facebook will guide you through the account recovery process, allowing you to reset your password and secure your account.

5. Check for Unauthorized Activity

Once you regain access to your account, review your activity log for any unauthorized actions, such as posts, messages, or friend requests. Remove any malicious content and unfriend or block suspicious accounts.

6. Strengthen Your Account Security

To prevent future hacks and secure your Facebook account:

Regularly update your password: Change your password at least every six months, and use a unique combination of characters for each platform.

Enable two-factor authentication (2FA): Ensure that 2FA is enabled to provide an extra layer of protection.

Review app permissions: Periodically check which apps have access to your Facebook account and remove any unnecessary ones.

Be cautious with emails and messages: Avoid clicking on suspicious links or providing personal information in response to unsolicited messages.

Educate yourself: Stay informed about common hacking techniques and scams to protect yourself better.

6. Monitor Your Account

Continuously monitor your Facebook account for any unusual activity. Facebook offers features like login alerts, which notify you of any login attempts from unrecognized devices or locations. Stay vigilant and report any suspicious activity promptly.

7. Protect Your Personal Information

Remember that hackers target personal information. Limit the amount of personal data you share on your profile, such as your phone number, address, and birthdate. Adjust your privacy settings to control who can see your posts and personal information.

Conclusion

Recovering a hacked Facebook account can be a stressful experience, but by taking swift and informed action, you can regain control of your profile and protect your data. Follow the steps outlined in this comprehensive guide, and remember to prioritize account security by regularly updating your password, enabling two-factor authentication, and staying vigilant against potential threats. With these precautions in place, you can enjoy the benefits of social media while keeping your personal information safe from hackers.

For More Information - https://www.linkedin.com/pulse/how-recover-your-facebook-account-hacked-neha-kumari