That little countdown on 2FA apps stresses the shit out of me. I feel like I'm diffusing a bomb. If it gets into the red, I just wait. I can't handle the stress. - ThreadSky

emilyfreeman.bsky.social • 158 days ago

That little countdown on 2FA apps stresses the shit out of me. I feel like I'm diffusing a bomb.

If it gets into the red, I just wait. I can't handle the stress.

Comments

freddiecarthy.bsky.social•158 days ago

I feel seen

pimpy-stronghand.bsky.social•157 days ago

I can totally relate 😬

legacywhisperer.bsky.social•157 days ago

I so relate to this. I always end up McGruber.

sdmco.dev•158 days ago

It renders my brain incapable of remembering 6 numbers for more than 0 seconds.

alexandermarquardt.bsky.social•157 days ago

Use a hardware token like YubiKey; tap and done. Passkeys are another option that are gaining steam and can still be tied to a hardware token or device biometrics.

victori-ousg.bsky.social•158 days ago

I put the diehard soundtrack on to match

richburroughs.dev•158 days ago

lol yes. Been dealing with it for many years. We used to have RSA fobs where I worked, I think even in the late 90s.

marypcbuk.bsky.social•158 days ago

I had a job so long that my first RSA fob wore out and I handed my replacement fob in in 2001

jaygles.bsky.social•158 days ago

I had one at a client in 2017 😬

alan-knox.bsky.social•157 days ago

Yes! Wait for the next green. But it’s still not as bad as “find all the crosswalks”…

threddyrex.com•158 days ago

same. big "what's not a test but feels like a test" energy

profelarry.bsky.social•158 days ago

One word: Biometrics.

I hate 2FA.

simonallisonuk.github.io•157 days ago

I get the first 3 digits, put that in then it changes!! FFS

joshwenke.com•157 days ago

You should get a password manager that auto-fills your 2FA codes! So much better.

lokeshkavisth.bsky.social•158 days ago

Same! I feel like I'm starring in Mission Impossible every time. Tom Cruise could never. 😂💣

zerky.bsky.social•157 days ago

The best thing is that the red circle is usually a LIE!

The standard recommends that any service with 2FA should accept at-least the previous code (or even more!)

So while it turns red and “disappears” it’s still valid for 30 seconds - 2 minutes (unless the service is truly evil)

zerky.bsky.social•157 days ago

Source:

https://datatracker.ietf.org/doc/html/rfc6238#section-5.2

bnb.im•158 days ago

I’ve accidentally discovered it’s also often fake, there’s definitely a grace period in most of them now 🙃

ianmitchell.dev•158 days ago

I think the spec mandates that the previous value also is acceptable (going off an old memory here so grain of salt)

bernd.dev•158 days ago

Hardware Security keys or Passkeys for the win!

danielnguyen.me•157 days ago

Lmao so true 😂

averageatchris.bsky.social•158 days ago

Same. I always try to tell myself that I have plenty of time. But it is weirdly a stressor and end up waiting til it refreshes lol.

calvobianco.com•158 days ago

I pretend I'm Tom Cruise in Mission: Impossible.

But unfortunately I seem to be David Rasche in Sledge Hammer.

mralanspencer.bsky.social•154 days ago

The latter is more normal.

chosunone.bsky.social•157 days ago

I never understood, is it so much more dangerous to give me 5 minutes instead of 30 seconds?

mattjay.com•158 days ago

the body really does keep score...

emilyfreeman.bsky.social•157 days ago

Lol

tw33tzr4kidz.bsky.social•157 days ago

Firearms need MFA, especially using an authenticator on one's phone.

jbwharr.is•158 days ago

I prefer to look at as a game, when it’s red, it’s go time, can I copy and paste and beat the buzzer? 😂

hotmessactual.bsky.social•158 days ago

The timer makes me feel silly but for the same reason. Like hol on lemme just LOCK THE FUCK IN so I can sign into my Firefox account

greybeardseawolf.bsky.social•157 days ago

LOL me too, I have multiple sites I need to log on to for work and the level of stress the damn apps give me is crazy

metadaddy.net•158 days ago

I like to submit it after it times out, just to see if I can get away with it. There is a surprising amount of slack! 😃

centerorbit.bsky.social•158 days ago

I believe that's actually by design! To allow for a little bit of clock drift and server processing time... The only place I've had clock problems was Prusa3D's login, where I think their clocks are a little fast (or I'm a little slow 😅) and only the freshest of tokens are accepted there.

zerky.bsky.social•157 days ago

It is by design!

You can be multiple codes “late”!

Of course it depends on how the service implements it, but there is no need to panic :))

jonmatthews.com•158 days ago

IIRC the spec calls for 10 seconds. When I was at Duo the window was 20, maybe more!

brianmcentire.bsky.social•158 days ago

I hear the "24" timer every time

joeashwell.com•157 days ago

hahaha it’s horrendous ux!

dnsmichi.dev•158 days ago

Anything under 10 seconds is not doable for me with context switching. I'm also a waiter ;)

theycallhimbfg.bsky.social•158 days ago

That's how I feel when the "Next Episode" countdown timer starts during the credits. You have 10 seconds but it feels like 3.

robelder.bsky.social•158 days ago

I got into a bad(?) habit of not fully killing the 2FA app. I guess the clock skewed over the days/weeks I let it hang out running in the background. So while it looked like I had more time left services thoroughly disagreed, leaving me slightly paranoid

tedgoas.bsky.social•158 days ago

I love the thrill of launching a 2FA app and seeing the countdown already at ~7 seconds, like the race is on!

withenoughcoffee.com•158 days ago

Same 😅

q42.bsky.social•158 days ago

YMMV, but many sites give you a window of a couple of codes back to avoid that type of issues.

parsingphase.dev•158 days ago

Indeed - the TOTP *specification* requires one (IIRC) code back to be allowed. Almost all sites seem to honor it, but I've seen maybe one or two that don't.

dacut.bsky.social•158 days ago

Most of the federal government stuff I have to log into has this set to zero. Incredibly annoying...

octoturt.net•157 days ago

i mean, if anyone in the world should never, ever eschew security for the sake of convenience, it's probably the federal government

parsingphase.dev•157 days ago

Security is not enhanced by a failure to follow the specification in this case.

locnar1701.bsky.social•158 days ago

We used to have a contest in my last job, to see how close you could get to it hitting zero and it's still going through

osaigbovodo.bsky.social•158 days ago

I always wait for the next one, I don't want to have to wait for the third 😩

rush-fan.bsky.social•158 days ago

The old RSA fobs were even worse! The “bomb” was in your hand!!!

mikematt16.bsky.social•158 days ago

Perfect opportunity to see how fast you can copy/paste

mantcz.com•158 days ago

Same here! 😂

luislavena.info•158 days ago

You're not alone! I get SO anxious and the moment I copy it over start rushing to find the window/app that I need to paste that in... 😓

cyberlarry.bsky.social•157 days ago

It's like deciding whether to jump on a lift/elevator that probably has space for one more.

papierabreisser.bsky.social•158 days ago

richardhowes.tech•157 days ago

I feel that! No matter how few seconds are left I try catch the timer and not wait. Trick is not to rush and make a mistake imo.

“Slow is smooth and smooth is fast”
~ Navy Seals

dotbatman.com•157 days ago

I accumulate the seconds saved by not waiting for the countdown to start over… I’ll waste those seconds some other time!

dsuurlant.dev•157 days ago

omg me too. I can't deal with it once they're past half over.

cyberphilosohack.bsky.social•158 days ago

For every code that is wasted and not used, a small owl is put to sleep

I don't make the rules!

ttbidinger.com•158 days ago

It often works for minutes.

A new code is generated every 30 seconds, but the old code doesn't expire synchronously - old code remains valid and will be accepted for a period.

It's not that urgent!

digghedd.bsky.social•157 days ago

You can mostly exceed that count about 5 seconds. So you can relax actually.

dj.kz•157 days ago

Brb building a combo meditation/breathing and 2fa app, authentication nirvana.

nicolas17.xyz•157 days ago

If it gets into the red it should show me the next number too, so I can start typing it already.

josephryanries.bsky.social•157 days ago

probably for the best, adrenaline is a gateway drug

marktucker.bsky.social•158 days ago

In the style of Terry Pratchett's iconograph, I image a little imp in my phone constantly writing new numbers so that 2FA works.

marisamorby.com•158 days ago

Once it goes red I go into spy mode. My spy theme song plays in my head and when I put in the number before the time runs out I'm like, "I've just saved the WORLD. I am a hero."

shawnchittle.bsky.social•157 days ago

Ah the old “trigger the amygdala” trick. Works every time.

sandhilt.bsky.social•157 days ago

Over pressure.

gary.gg•158 days ago

It usually works for me even after expiring.

nabrahams.bsky.social•157 days ago

Can I remember 6 numbers in 4 seconds? Maybe, maybe not.

Am I going to try? Absolutely not.

subaud.io•158 days ago

https://www.rfc-editor.org/rfc/rfc6238#section-6

You've got plenty of time. Don't stress it :)

calvinhp.com•157 days ago

That is life changing!

johngoering.bsky.social•157 days ago

When I submit it after it runs out and it works, then without fail I feel obligated to quote this.

nathanielavery.bsky.social•158 days ago

Yes!!! So much yes!! A fortune will be made to the 1st vendor that licenses the theme to a major spy franchise to play while the countdown runs.

gradwell.ca•158 days ago

2FA generally will accept the expired code and the current code. For situations just like that

thomasburette.com•157 days ago

2FA. Making me realize I can't reliably hold 6 digits in my head at once under time pressure.

nico.fyi•156 days ago

in my case, i feel like I just wasted some numbers if I don't use it even if it's already red.

alexpez.bsky.social•157 days ago

graeyrobin.bsky.social•157 days ago

You should see how much leeway you get while doing this. Several seconds can pass beyond a rotation and the old code still works.

marko.social•158 days ago

Which wire to cut? 🤣
⏲️💥

missemgreen.bsky.social•158 days ago

Right Emily. From one Em to another it's not a bomb. Just get a wee half pint of something nice like a best bitter or a stout and sit in front of an open fire in a nice traditional old style pub and life will be all good. Ask for cheese and pickle sandwich if it's a good pub. Life will be all good.

emilyfreeman.bsky.social•158 days ago

Lol

tobiasthorin.bsky.social•157 days ago

My desire to travel to Britain has never been greater that it is at this moment.

missemgreen.bsky.social•157 days ago

Some Edinburgh based pubs do free cheese and crackers on a Sunday with a pint and you can read the Sunday papers. It's great chilled out vibes.

tobiasthorin.bsky.social•157 days ago

omg stop 🥵

spees.bsky.social•158 days ago

do other people remember all six numbers each time? i can't keep more than three in my head, i have to read it multiple times 😭

i partly blame it on the stress of the countdown

spees.bsky.social•158 days ago

1password autofill is a huge quality of life improvement for me

chillecho.bsky.social•158 days ago

alexkates.dev•158 days ago

I only apply codes when in the red but what’s a little more stress gonna do

lukekarrys.com•158 days ago

i feel this way about the disappearing screenshot preview on macOS. i take a screenshot and then panic to focus the window and drag the preview to it before it goes away

jsl.ee•157 days ago

if you use the screenshot-to-clipboard option (control+command+shift+4 (or 3) … open https://Preview.app and then hit command+n to create a new doc from clipboard content

I do this every day because I use Preview to annotate things with big red arrows. One of the best built-in apps in macOS, that one

jsl.ee•157 days ago

(You have plenty of time; it’s not disappearing from clipboard unless you then copy something else)

markus.polyscopic.works•158 days ago

This is why it’s so terrible that Authy ”cleverly” colours the numbers based on the average logo colour – makes any red-logoed 2FA entry look like it’s always about to expire.

irish-iiii.bsky.social•158 days ago

I Always stress with "I am not a robot.", I mean, what if I get it wrong?

chrislanejones.com•158 days ago

I wish we could use an app for it too, like Duo. I hate my txt messages feed being filled with "Do Not Share here is the code."

echohack.app•149 days ago

I use 1Password which autopastes when the prompt is detected automatically. No more countdowns!

veni.dev•158 days ago

lol same

"It's too close. Should I just wait for the next one!? No. I'll just try it and see if it works. No. It's too close."

Then I frantically type it in and it usually works 😅

davidgs.com•158 days ago

At least with macOS and iOS, you can copy/pasta from phone to browser and save some stress, but same. Total adrenaline spike every time.

digghedd.bsky.social•157 days ago

Some password manager put them into automatically but don't tell that it-sec folks.

internetskeleton.website•157 days ago

if you're on windows or Linux, look into KDE Connect. Super cool program. All my stuff in my house is paired up with it to share clipboard. Also lets me pause/play media on any device. I can pause YouTube on my desktop from my Android phone.

xan.lol•136 days ago

Wait, that works with Windows? 🤨🤯

xan.lol•136 days ago

No way https://apps.microsoft.com/store/detail/kde-connect/9N93MRMSXBF0

internetskeleton.website•136 days ago

Yep! Here is all the platforms they support (including a non-windows-crap store offline installer):
https://kdeconnect.kde.org/download.html

indu-alagarsamy.bsky.social•158 days ago

That has saved me so many times!!

ruben.codes•157 days ago

It’ll even just directly fill the code for you, no copy/pasta required, if you have it set up right. https://support.apple.com/guide/iphone/automatically-fill-in-verification-codes-ipha6173c19f/ios

andrea.red•158 days ago

Yes, 2FA codes are intended to last longer than the duration shown in the app. So don't worry, you can type it even if it's already changed.

dead-claudia.bsky.social•157 days ago

fun fact, time-based 2fa systems have some wiggle room on time because 1. your clocks aren't perfectly synchronized with theirs and 2. humans might take longer than the interval to submit the code.

matt.drollette.com•158 days ago

Ente Auth has a feature where it shows the "next code" in addition to the current one. So helpful. @ente.io https://ente.io/auth/

donnelson.dev•158 days ago

Very relatable. I really enjoy trying to submit the code at the very last second for that very reason. 😂

mcsetty.bsky.social•158 days ago

Push MFA is so much better

alexcooperdev.bsky.social•153 days ago

The amount of time it takes me to do a simple task increases as the time I have to do it decreases.

clara42.bsky.social•157 days ago

You see I love the chaos, how long can I wait? how long after it expires does it still work?
let’s play a game

andrewfeeney.au•157 days ago

“I call your bluff 2fa counter.”

gearon.org•158 days ago

Can I remember 6 digits as I switch between apps? I don’t have time to go back and check!

awj.dev•158 days ago

I had like one time where it got into the red, I typed it in, then the process of sending the request went over the line. After that, I wait too.

amy.bsky.social•157 days ago

Same. Same.

mero.tt•158 days ago

Haha. I’ve noticed that in most cases, the code still works at least a second after it resets. 😁

andrea.red•158 days ago

Usually, it still works for 30 seconds after it changes 😉

mrcomputerscience.bsky.social•158 days ago

Yes, I think 30 seconds is the standard.

(It gets even trickier if you're using an open source TOTP app on an airgapped system that doesn't have an internal clock. Now you have to go into the terminal and set the clock just so, lol.)

:x

mero.tt•158 days ago

Haha. OK, good to know!! Never bothered to look up the standard! 😁