
(Under 100 lines Challenge) Security Script

Go to solution Solved by KuJoe,

Not a bad script, but you're looking at security all wrong. If you want to add security then passwords are not the solution. 2FA is the best and easiest method. Your solution is typing a password and then typing another password; my solution is typing a password and then clicking a button on another device, significantly more secure since only the person with that device (me) can click that button, whereas your solution lets anybody type both passwords.

Just now, Alaradia said:

Your computers are in a data center? But I'm obviously not going to crack in while in the data center; I'll take them, leave, then decrypt when I'm in a safe place.

The ones that I care about are. Anybody can break into my gaming PC, not too worried about that. By the time you decrypt them I'll be long dead so your children's children's children's children can enjoy my personal documents and tax returns. xD

-KuJoe


19 minutes ago, KuJoe said:

The ones that I care about are. Anybody can break into my gaming PC, not too worried about that. By the time you decrypt them I'll be long dead so your children's children's children's children can enjoy my personal documents and tax returns. xD

That's one way to do it.


3 hours ago, KuJoe said:

Not a bad script, but you're looking at security all wrong. If you want to add security then passwords are not the solution. 2FA is the best and easiest method. Your solution is typing a password and then typing another password; my solution is typing a password and then clicking a button on another device, significantly more secure since only the person with that device (me) can click that button, whereas your solution lets anybody type both passwords.

Agreed, though at a certain point it gets annoying, like blockchain.info. You have a generated username, your password, email verification and then SMS codes. The problem here is if any step is inaccessible to me then so is my wallet.

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


45 minutes ago, vorticalbox said:

Agreed, though at a certain point it gets annoying, like blockchain.info. You have a generated username, your password, email verification and then SMS codes. The problem here is if any step is inaccessible to me then so is my wallet.

Security should never be convenient, but it shouldn't make a user hate it either. A lot of people don't use 2FA because most implementations are time-consuming. I personally hate having to unlock my phone, open an app, and type in a 6+ digit number before it expires (and it's always my luck that there's less than 10 seconds left before it cycles), but this is the best solution most services offer. I like that now with Google services I can just click a notification at the top of my phone instead (and with self-service options like DuoSecurity this is a great method of 2FA). I really hate how most critical services like Twitter, PayPal, domain registrars, and other payment processors only offer e-mail or SMS 2FA, which is just bad and easily circumvented (as LMG found out the hard way). I basically carry two cell phones now: one strictly for 2FA with a number I don't give out to anybody, and my primary cell phone, whose number is publicly available.

 

I have a nice shirt from EMC's RSA SecurID division that says "friends don't let friends use passwords", it's very true but unfortunately their RSA tokens aren't the answer either.

-KuJoe

