I’m beautiful and tough like a diamond…or beef jerky in a ball gown.

  • 68 Posts
  • 140 Comments
Joined 8 months ago
Cake day: July 15th, 2025

  • Solutions that work for a corporate application where all the staff know each other are unlikely to be feasible for a publicly available application with thousands of users all over the world

    This is something of a hybrid. There will be both general public users as well as staff. So for staff, we could just call them or walk down the hall and verify them but the public accounts are what I’m trying to cover (and, ideally, the staff would just use the same method as the public).

    Figure if an attacker attempts the ‘forgot password’ method, it’s assumed they have access to the user’s email.

    Yep, that’s part of the current posture. If MFA is enabled on the account, then a valid TOTP code is required to complete the password reset after they use the one-time email token. The only threat vector there is if the attacker has full access to the user’s phone (and thus their email and auth app) but I’m not sure if there’s a sane way to account for that. It may also be overkill to try to account for that scenario in this project. So we’re assuming the user’s device is properly secured (PIN, biometrics, password, etc).

    If you are offering TOTP only,

    Presently, yes, but we’re looking to eventually support WebAuthn

    or otherwise an OTP sent via SMS with a short expiration time

    We’re trying to avoid 3rd party services, so something like Twilio isn’t really an option (nor Duo, etc). We’re also trying to store the minimum amount of personal info, and currently there is no reason for us to require the user’s phone number (though staff can add it if they want it to show up as a method of contact). OTP via SMS is also considered insecure, so that’s another reason I’m looking at other methods.

    “backup codes” of valid OTPs that the user needs to keep safe and is obtained when first enrolling in MFA

    I did consider adding that to the onboarding but I have my doubts if people will actually keep them safe or even keep them at all. It’s definitely an option, though I’d prefer to not rely on it.

    So for technical, human, and logistical reasons, I’m down to the following options to reset the MFA:

    1. User must contact a staff member during business hours to verify themselves. Most secure, least convenient.
    2. Set up security questions/answers and require those after the user receives an email token (separate from the password reset token). Moderately secure, less convenient, and requires us to store more personal information than I’d prefer.
    3. Similar to #2 except provide their current password and a short-term temporary token that was emailed to them when they click “Lost my MFA Device”. Most convenient, doesn’t require unnecessary personal info, possibly least secure of the 3. Note that password resets require both email token and valid TOTP token, so passwords cannot be reset without MFA.

    I’m leaning toward #3 unless there’s a compelling reason not to.
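    Option #3 above, sketched as a defender's reference implementation (an added example, not the commenter's code): the emailed “Lost my MFA Device” token is short-lived, single-use and stored only as a hash, and both it and the current password must verify before the TOTP secret is cleared. The class name `MfaResetService`, the 15-minute TTL and the in-memory stores are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed short lifetime for the emailed token


class MfaResetService:
    """Models the 'Lost my MFA Device' flow: emailed token + current password -> TOTP reset."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}    # user_id -> {"pw_salt", "pw_hash", "totp_secret"} (in-memory stand-in for a DB)
        self.pending = {}  # user_id -> {"token_hash", "expires"}

    @staticmethod
    def _hash_pw(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user_id, password, totp_secret):
        salt = secrets.token_bytes(16)
        self.users[user_id] = {"pw_salt": salt, "pw_hash": self._hash_pw(password, salt),
                               "totp_secret": totp_secret}

    def request_reset(self, user_id):
        """Issue the token that would be emailed. Only its hash is stored, so a DB leak exposes no live tokens."""
        token = secrets.token_urlsafe(32)
        self.pending[user_id] = {"token_hash": hashlib.sha256(token.encode()).digest(),
                                 "expires": self.clock() + TOKEN_TTL_SECONDS}
        return token  # delivered by email only; never logged or shown in the UI

    def complete_reset(self, user_id, token, password):
        """Clear the TOTP secret and return True only if the token is live and the password matches."""
        user = self.users.get(user_id)
        entry = self.pending.get(user_id)
        if user is None or entry is None:
            return False
        if self.clock() > entry["expires"]:
            del self.pending[user_id]  # an expired token is discarded rather than left to be retried
            return False
        token_ok = hmac.compare_digest(hashlib.sha256(token.encode()).digest(), entry["token_hash"])
        pw_ok = hmac.compare_digest(self._hash_pw(password, user["pw_salt"]), user["pw_hash"])
        if not (token_ok and pw_ok):
            return False  # failed attempts should also be rate-limited at the edge (not shown)
        del self.pending[user_id]     # single use: a successful reset consumes the token
        user["totp_secret"] = None    # MFA disabled; the user re-enrolls on next login
        return True
```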

  • They’re separate queens and separate collectives/cooperatives.

    The Jurati Cooperative is, as of the end of Season 2, guarding the spatial anomaly that formed in the beginning of S2. They’re completely absent from the third season. Which I can understand since S3 was a fan-service reunion (which I loved) and there just wasn’t room in the 10 episodes for them.

    The queen from S3 is the same one from VOY: Endgame and First Contact and part of the same collective since they were first introduced in TNG.

    The new one affected the other one?

    AFAIK, no, they had no effect on each other. The alternate timeline queen (that turned into Queen Jurati) was not the same queen seen in S3 or elsewhere. That queen was from a 2401 that no longer exists. She and her cooperative only exist because they went back in time and took the long way back to 2401.

  • I feel ya. The anti-US xenophobia has really been rising here lately and I’ve just been blocking and blocking and blocking. I’m fine and on board with criticizing what the current regime is doing, but the way they lump you (presumably?), me, and everyone together as if we all have cabinet level positions and personally signed off on each and every thing in the news is just straight-up ignorant xenophobia.

    Why that gets a pass is beyond me. Moderation failures all around, IMO.


  • Yeah, to pretty much all that.

    My experience here is generally pretty pleasant, but it took a LOT of work blocking untold numbers of communities, users, and instances to get here. Other on-boarding difficulties aside (for less savvy users), it’s just a big ask to expect them to do all that work just to not be hit in the face with all the negativity and raging and dig deep for everything else. Reddit may have numerous flaws, but at least I can go to the front page and it doesn’t feel like I’m walking into the midst of an angry mob.

    My two cents is basically this: We did this to ourselves here. Elsewhere, we might have blamed the algorithms for pushing rage-bait front and center, but here it’s 100% organic (unless there’s just a massive bot problem which I don’t have reason to suspect).


  • I only say there needs to be less because that’s all that seems to get pushed to the top. Ever since I saw the few posts asking how to get new users here, I’ve been trying to put myself in their shoes and look at things raw and unfiltered like a brand new user would see. Sadly, now that I’ve looked, I can’t un-see.

    The rest of us just need to get on their level with all our other hobbies and interests.

    100% agree :) But those don’t seem to get the rage clicks like all the bad news stuff and get buried even on scaled sort.

    there aren’t other NWSL/MLS fans out here, but could you please stop doing drive-bys and downvoting all my articles?

    I don’t know what either of those are, but I just went and threw some upvotes to some of your stuff because it was non-political / non-news. And one of them was highly downvoted for reasons I cannot possibly fathom.