Vibecoding is the future

cm0002@sh.itjust.works · 13 小时前

Vibecoding is the future

prettybunnys@sh.itjust.works · 12 分钟前

This could also be a funny translation issue.

My bank sends a text message to me with the first code and a second code I enter.

They tell me the first code in a similar way so I can verify they sent it to me, then I enter the other code in the text.

da_cow (she/her)@feddit.org · 3 小时前

Assuming this is real, how the fuck do you fuck up so badly?

mcv@lemmy.zip · 2 小时前

What!? It’s more user friendly this way. No need to make the user switch to a totally different when you can tell them right here!

/s

(I hate pointing out sarcasm, but it’s better not to risk it these days.)

Treczoks@lemmy.world · 3 小时前

This could be vibe coding, or just an intern “doing the web site”.

Neither should have write access to production code.

Evil_Shrubbery@thelemmy.club · 6 小时前

Feels like testing feature, hopefully the screenshot isn’t from production.

AmbiguousProps@lemmy.today · 6 小时前

We test in production, silly.

VonReposti@feddit.dk · 2 小时前

Everyone has a test environment. Some are just lucky enough to have a separate production environment.

OppaGundamStyle@discuss.tchncs.de · 3 小时前

It’s the only way to fly.

Evil_Shrubbery@thelemmy.club · 6 小时前

vs

-RJ-@lemmy.world · 8 小时前

That’s up there with: "You cannot use this password, it’s already in use by … "

Seth Taylor@lemmy.world · 2 小时前

But that’s so practical. Maybe I can contact them and ask them if we can swap. Haha

Elvith Ma'for@feddit.org · 8 小时前

IIRC the screenshot in the tweet is from a shitpost in reddits r/badUIbattles

Scrubbles@poptalk.scrubbles.tech · edit-2 12 小时前

You’re absolutely right! It doesn’t make sense to show the user the 2fa code! removes 2fa completely

Uli@sopuli.xyz · 12 小时前

Oh, I get it! You still want 2fa, you just don’t want the code to be shown! colors the text white

ThePancakeExperiment@feddit.org · 11 小时前

No, no, make it ultra secure and display none it, every website will be a database of important information, you just have to put everything into a hidden table!!

PattyMcB@lemmy.world · 10 小时前

Font size 0

redjard@lemmy.dbzer0.com · 10 小时前

Oh you want the code not rendered into html!
Drops the code in javascript when it is received from the backend.

aberrate_junior_beatnik (he/him)@midwest.social · 13 小时前

It took me way too long to figure out what was wrong with this screenshot

Ilovethebomb@sh.itjust.works · 13 小时前

Yeah, same here. I was counting the boxes thinking they’d got the wrong amount of numbers.

shalafi@lemmy.world · 11 小时前

I counted the boxes 3 times. :(

Darkmuch@lemmy.world · 9 小时前

I need help. I don’t get it…

moriquende@lemmy.world · 3 小时前

No point sending the code to your phone when it’s displayed right there. The idea of doing this is making sure nobody has stolen your password, because they still need access to your phone before they can access your account.

teegus@sh.itjust.works · 9 小时前

The “secret” code sent to your phone is spelled out in the text

exu@feditown.com · 9 小时前

Just delay accepting the numbers for 10 seconds to simulate the time needed to check SMS and type them.

idunnololz@lemmy.world · 10 小时前

Sike! That’s the wrong number! /s

Psythik@lemmy.world · edit-2 9 小时前

It’s spelled “psych”, as in you’re psyching them out.

guy@piefed.social · 3 小时前

Nitpicking words like this makes me psich

idunnololz@lemmy.world · edit-2 9 小时前

It’s ok I’m oot of academia.

Cousin Mose@lemmy.hogru.ch · 12 小时前

SMS/email-based 2FA should die.

null@lemmy.nullspace.lol · 18 秒前

It’s wild how standard SMS is given how (relatively) trivial it is to exploit.

nogooduser@lemmy.world · 7 小时前

It’s better than nothing and some people would really struggle to do other types of 2FA.

djsoren19@lemmy.blahaj.zone · 2 小时前

I’ll be homest with you, some people really struggle with email 2fa. The amount of working Americans I have spoken with who don’t understand how to have two tabs open at once is genuinely frightening.

Natanael@infosec.pub · 7 小时前

As a reset method it’s worse than having nothing

ColdSideOfYourPillow@anarchist.nexus · 12 小时前

Luckily, you don’t even need to check SMS or input a valid number with the “verification” in the screenshot!

bamboo@lemmy.blahaj.zone · 12 小时前

mission failed successfully

Dharma Curious (he/him)@slrpnk.net · 8 小时前

What’s the best alternative?

nogooduser@lemmy.world · 7 小时前

App based 2FA is better. Either the app generates a time based code that you enter into the site or the site sends a push notification to the app asking you to verify the login attempt.

Passkeys are good too as they replace the password completely and leave the 2FA part to the device.

djsoren19@lemmy.blahaj.zone · 2 小时前

Okay, but then you have to develop an app

nogooduser@lemmy.world · 2 小时前

You don’t for the one time codes because there is a standard that is supported by many authenticator apps.

Victor@lemmy.world · 5 小时前

Passkey or notification please. So sick of entering these codes on a daily basis.

RaivoKulli@sopuli.xyz · 2 小时前

I just save the cookies tbh

Opisek@piefed.blahaj.zone · 5 小时前

If it’s alright with your threat model, you can put the time-based OTPs into your password manager of choice, like Bitwarden. Upon filling your username and password, it places your OTP in your clipboard, so that you can simply paste it in. This does of course reduce the security of the system slightly, since you centralize your passwords and your OTPs. When opting for this method, it is therefore imperative to protect your password manager even more, like via setting up 2FA for the password manager itself or making sure your account gets locked after something like 10 minutes of inactivity. The usability aspect is improved by using a yubikey or another similar physical key technology.

Victor@lemmy.world · 4 小时前

Very good point. I have Bitwarden set up as a passkey for at least one account. I should remove that. 👍

MonkderVierte@lemmy.zip · 5 小时前

Repost.