Joachim Viide
@jviide.iki.fi
https://jviide.iki.fi • A cruel and incompetent charlatan.
Seems that NPM too allows TOTP reuse within the time-step window. Seen a similar issue in multiple services over the years.
Per RFC 6238, a TOTP (Time-based One-Time Password) should be single-use. Allowing reuse, even within the short-ish time window, is not ideal (shoulder surfing, phishing etc.)
Per RFC 6238, a TOTP (Time-based One-Time Password) should be single-use. Allowing reuse, even within the short-ish time window, is not ideal (shoulder surfing, phishing etc.)
September 10, 2025 at 1:24 PM
Seems that NPM too allows TOTP reuse within the time-step window. Seen a similar issue in multiple services over the years.
Per RFC 6238, a TOTP (Time-based One-Time Password) should be single-use. Allowing reuse, even within the short-ish time window, is not ideal (shoulder surfing, phishing etc.)
Per RFC 6238, a TOTP (Time-based One-Time Password) should be single-use. Allowing reuse, even within the short-ish time window, is not ideal (shoulder surfing, phishing etc.)
NPM supports switching from Authenticator App (TOTP) based 2FA to more phishing resistant WebAuthn based 2FA.
Adding a WebAuthn security key and disabling the Authenticator App is a pretty quick process.
For example Apple Touch ID & Windows Hello work! Physical keys work too, but aren't required.
Adding a WebAuthn security key and disabling the Authenticator App is a pretty quick process.
For example Apple Touch ID & Windows Hello work! Physical keys work too, but aren't required.
September 9, 2025 at 12:36 PM
NPM supports switching from Authenticator App (TOTP) based 2FA to more phishing resistant WebAuthn based 2FA.
Adding a WebAuthn security key and disabling the Authenticator App is a pretty quick process.
For example Apple Touch ID & Windows Hello work! Physical keys work too, but aren't required.
Adding a WebAuthn security key and disabling the Authenticator App is a pretty quick process.
For example Apple Touch ID & Windows Hello work! Physical keys work too, but aren't required.
Enter the Hamburgerverse! www.dwitter.net/d/34078 #dwitter
for(i=1400,c.width|=0,x.globalCompositeOperation="xor";i>200;i-=i/6)x.font=`${i}px ä`,x.strokeText("🍔",960-(3+C(.8*t))*i/5,540+(2+S(t))*i/5)
for(i=1400,c.width|=0,x.globalCompositeOperation="xor";i>200;i-=i/6)x.font=`${i}px ä`,x.strokeText("🍔",960-(3+C(.8*t))*i/5,540+(2+S(t))*i/5)
July 2, 2025 at 2:23 PM
Enter the Hamburgerverse! www.dwitter.net/d/34078 #dwitter
for(i=1400,c.width|=0,x.globalCompositeOperation="xor";i>200;i-=i/6)x.font=`${i}px ä`,x.strokeText("🍔",960-(3+C(.8*t))*i/5,540+(2+S(t))*i/5)
for(i=1400,c.width|=0,x.globalCompositeOperation="xor";i>200;i-=i/6)x.font=`${i}px ä`,x.strokeText("🍔",960-(3+C(.8*t))*i/5,540+(2+S(t))*i/5)
Finally, the @preactjs.com team exposed as a bunch of shameless bloat peddlers!
(Check out the Standalone Preact Builder at standalonepreact.satge.net, it's really cool ✨)
(Check out the Standalone Preact Builder at standalonepreact.satge.net, it's really cool ✨)
December 20, 2024 at 9:45 PM
Finally, the @preactjs.com team exposed as a bunch of shameless bloat peddlers!
(Check out the Standalone Preact Builder at standalonepreact.satge.net, it's really cool ✨)
(Check out the Standalone Preact Builder at standalonepreact.satge.net, it's really cool ✨)
VSCode, the Dev Containers extension & its "Clone Repository in Container Volume" command are lovely for compartmentalizing your local dev work.
For example, the Preact Signals repo's (github.com/preactjs/sig...) .devcontainer setup handles things like installing a containerized browser for tests.
For example, the Preact Signals repo's (github.com/preactjs/sig...) .devcontainer setup handles things like installing a containerized browser for tests.
December 20, 2024 at 5:27 PM
VSCode, the Dev Containers extension & its "Clone Repository in Container Volume" command are lovely for compartmentalizing your local dev work.
For example, the Preact Signals repo's (github.com/preactjs/sig...) .devcontainer setup handles things like installing a containerized browser for tests.
For example, the Preact Signals repo's (github.com/preactjs/sig...) .devcontainer setup handles things like installing a containerized browser for tests.
Reaching another million user mark used to be a big deal, but now it's just Thursday. Well done, @bsky.app team 🦋
Also, thanks to @natalie.sh for bcounter.nat.vg. The digital confetti was a nice touch!
Also, thanks to @natalie.sh for bcounter.nat.vg. The digital confetti was a nice touch!
November 21, 2024 at 11:04 AM
Reaching another million user mark used to be a big deal, but now it's just Thursday. Well done, @bsky.app team 🦋
Also, thanks to @natalie.sh for bcounter.nat.vg. The digital confetti was a nice touch!
Also, thanks to @natalie.sh for bcounter.nat.vg. The digital confetti was a nice touch!