My1

wait a sec I have to intervene. firefox just shows a warning page but when you trust the lock turns green and everything is ncie. chrome instead makes it red and slashes out the https.

the problem is really that users need to be aware of a possible false sense of security and I think that users shouldnt carelessly connect to a self signed cert (unless it is DANE'd)

while with unencrpyted the user sees "okay it's not encrypted, better be careful", but many people get a false sense of security from the lock (the reason why FF4-13 removed the lock, which was quite an intresting idea in my opinion.

I would maybe instead of crossing the lock, throw a question mark next to it (as in the fact that the real identity of the key is unknown)

throwing that intermediate page should maybe be a little bit more neutral, similar to ssh connection dialogs, but then SSHing people usually have a bit more knowledge than the average user.

My1

Keybase proof

I hereby claim:

• I am My1 on github.
• I am my1 (https://keybase.io/my1) on keybase.
• I have a public key whose fingerprint is 5BE1 825C 1ECD 3A6F 8222 956C 9A1B 0068 DA1C 4748

To claim this, I am signing this object:

My1

/*!
Written by My1 (github.com/My1, twitter.com/My1xT, blog.my1.tech

you can use, modify, share, etc. this little piece of code but please keep this comment. (basically a CC-BY)
*/


body, td, input, textarea, select {  /* force fonts */
	font-family: arial, sans-serif;
}

My1

<?php
// specify your css-files and their order here
$cssFiles = array(
  'normalize.css', 'style.css', 'print.css', 'colorbox.css'
);
// the file to write the compressed css to
$minFileName = 'minified.css';

// thats all, just call this file in your browser and it will
// build you a minimized css-file. then just link to this single

My1

<?php
$dbhost="use";
$dbname="your";
$dbuser="own";
$dbpass="database";
$table="table";

function bin2uuid($bin) {
    $uuidReadable = unpack("H*",$bin);
    $uuidReadable = preg_replace("/([0-9a-f]{8})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{12})/", "$1-$2-$3-$4-$5", $uuidReadable);

My1

BEGIN MESSAGE.
LMaDc9Nz3FMfsfk mWOqJUOL21AsBtj edoVStoOERtxjGB CHRsNVwN6Rvfawp
cFgS4Nx0VCknA5G CNAjALLywgZTCKq 6Xr2MZHgg4ixAWO 8xSqfXZA7t2i3rp
CQVaMrbOURcEUDu VTMjKRQOdTIYklj wAOLiChq6Cdf1ga blMhoKl1aeTDICF
CdX6Mx6fLEjmj74 GoT2LYkqulHQsmr gsf.
END MESSAGE.

My1

Generating Authy passwords on other authenticators

---

There is an increasing count of applications which use Authy for two-factor authentication. However many users who aren't using Authy, have their own authenticator setup up already and do not wish to use two applications for generating passwords.

Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions, however I stumbled upon a gist by Brian Hartvigsen. His post had a neat code with it to generate QR codes for you to use on your favorite authenticator.

His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this was not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that Brian used the

My1

AB1N	a
AB1E	aah
AB1S	abacus
AB1W	abide
AB2N	able
AB2E	abroad
AB2S	absurd
AB2W	acadia
AB3N	ace
AB3E	aced

My1

<!doctype html>
<html lang="en">
  <head>
    <!--
    inspired by Mozilla Webauthn documentation: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
    copyright: 2019 Nicolas Mora <[email protected]>
    license: MIT
    -->
    <title>Hmac-Secret webauthn Extension</title>
    <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/[email protected]/cbor.min.js"></script>