this post was submitted on 23 Jan 2026
79 points (100.0% liked)
196
5299 readers
920 users here now
Community Rules
You must post before you leave
Be nice. Assume others have good intent (within reason).
Block or ignore posts, comments, and users that irritate you in some way rather than engaging. Report if they are actually breaking community rules.
Use content warnings and/or mark as NSFW when appropriate. Most posts with content warnings likely need to be marked NSFW.
Most 196 posts are memes, shitposts, cute images, or even just recent things that happened, etc. There is no real theme, but try to avoid posts that are very inflammatory, offensive, very low quality, or very "off topic".
Bigotry is not allowed, this includes (but is not limited to): Homophobia, Transphobia, Racism, Sexism, Abelism, Classism, or discrimination based on things like Ethnicity, Nationality, Language, or Religion.
Avoid shilling for corporations, posting advertisements, or promoting exploitation of workers.
Proselytization, support, or defense of authoritarianism is not welcome. This includes but is not limited to: imperialism, nationalism, genocide denial, ethnic or racial supremacy, fascism, Nazism, Marxism-Leninism, Maoism, etc.
Avoid AI generated content.
Avoid misinformation.
Avoid incomprehensible posts.
No threats or personal attacks.
No spam.
Moderator Guidelines
Moderator Guidelines
- Don’t be mean to users. Be gentle or neutral.
- Most moderator actions which have a modlog message should include your username.
- When in doubt about whether or not a user is problematic, send them a DM.
- Don’t waste time debating/arguing with problematic users.
- Assume the best, but don’t tolerate sealioning/just asking questions/concern trolling.
- Ask another mod to take over cases you struggle with, if you get tired, or when things get personal.
- Ask the other mods for advice when things get complicated.
- Share everything you do in the mod matrix, both so several mods aren't unknowingly handling the same issues, but also so you can receive feedback on what you intend to do.
- Don't rush mod actions. If a case doesn't need to be handled right away, consider taking a short break before getting to it. This is to say, cool down and make room for feedback.
- Don’t perform too much moderation in the comments, except if you want a verdict to be public or to ask people to dial a convo down/stop. Single comment warnings are okay.
- Send users concise DMs about verdicts about them, such as bans etc, except in cases where it is clear we don’t want them at all, such as obvious transphobes. No need to notify someone they haven’t been banned of course.
- Explain to a user why their behavior is problematic and how it is distressing others rather than engage with whatever they are saying. Ask them to avoid this in the future and send them packing if they do not comply.
- First warn users, then temp ban them, then finally perma ban them when they break the rules or act inappropriately. Skip steps if necessary.
- Use neutral statements like “this statement can be considered transphobic” rather than “you are being transphobic”.
- No large decisions or actions without community input (polls or meta posts f.ex.).
- Large internal decisions (such as ousting a mod) might require a vote, needing more than 50% of the votes to pass. Also consider asking the community for feedback.
- Remember you are a voluntary moderator. You don’t get paid. Take a break when you need one. Perhaps ask another moderator to step in if necessary.
founded 1 year ago
MODERATORS
aaaaalmost completely. Knowing a second piece of information technically counts, it's just like ... about as secure as using someone's SSN for the 2fa, which is absolutely stupid.
I'll give you one better. For a certain thing, the university I attend decided to use birth numbers as a password. And that was the only factor.
Mind you, in Slovakia, the birth number consists of birth date + random 4 digits.
Much safety.
Anyway, SSN doesn't expire in less than 4 hours.
That's why it's 'about' as stupid. Many US services only really need basic PII to at least set up an account, which is scarily low levels of security.
You know employees are taping this to their cubicle lol all it would take is some white hat grabbing it off your desk before you all have to do special training from IT
This is different from an employee leaving their 2FA device at their desk how?
Most 2FA is software on someone's phone, like Microsoft Authenticator. Its not different from leaving a device. It is very different from leaving your phone.
I don't follow what you're trying to say here. (The last 2 sentences contradict in my mind)
Anyway, phone vs this tomfoolery, it might not be more/less secure, just different.
What's on paper is all there will be, as it doesn't include the secret for generating additional codes.
Phone has that, but also has a screen lock. Whether that is easy to bypass will depend on environment, but after the first unlock, it is at least realistic.
Plus you have people like my father who go by "no lock, nothing to hide".
For immediate exploit, paper looses.
For later persistent exploitation, phone looses.
Also, no one's going to have endless scrolls of codes like this. 2 pages for less than 4 hours. Round that up to 2 hours per page, that would be 12 pages per day, 360 pages per month, 4,380 pages per year.
I had to do this, because it was a requirement (they even recommended to print out the password). Actually, they didn't mention 2FA, just to print out the password (and no use of personal devices). This is the best I could do given the environment.
There are purposed 2FA devices that aren't your phone. Leaving one of those laying around is about the same security level as leaving these papers is what that says. Either way that sounds like ass to deal with regardless of how secure it is. Give me Aegis or give me death.
Oh, how could I forget that. My bank uses them. But it also needs my (physical) debit card and its PIN.
Bit cumbersome to use.
It feels like fifteen tons to login anywhere in the modern day.
No? Two separate pieces of information aren't two factors.
But this would be the factor "ownership" and "knowledge". Anyone attempting to hack into OP's account needs both the paper (or a copy thereof) AND the password. Just like withdrawing money from ab ATM requires the card and a PIN.
Though the fact you can easily copy the paper makes it a pretty weak "ownership" factor. Just like how using eye color would be a pretty weak "identity" factor.