this post was submitted on 09 Oct 2024
1488 points (97.1% liked)

Lemmy Shitpost

26938 readers
4194 users here now

Welcome to Lemmy Shitpost. Here you can shitpost to your hearts content.

Anything and everything goes. Memes, Jokes, Vents and Banter. Though we still have to comply with lemmy.world instance rules. So behave!


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means:

-No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...

If you see content that is a breach of the rules, please flag and report the comment and a moderator will take action where they can.


Also check out:

Partnered Communities:

1.Memes

2.Lemmy Review

3.Mildly Infuriating

4.Lemmy Be Wholesome

5.No Stupid Questions

6.You Should Know

7.Comedy Heaven

8.Credible Defense

9.Ten Forward

10.LinuxMemes (Linux themed memes)


Reach out to

All communities included on the sidebar are to be made in compliance with the instance rules. Striker

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] yetAnotherUser@discuss.tchncs.de 2 points 1 month ago (2 children)

Mandatory MFA isn't a bad thing though.

If an old lady doesn't want to remember a password, should she be able to enter just her email/identifier without any verification?

[–] Rekorse@sh.itjust.works 1 points 1 month ago* (last edited 1 month ago) (1 children)

I just think they should be able to opt out. Its up to the patient what their security posture is. If they don't want it, they shouldnt be forced to have it. Just have them sign away their rights to sue the hospital or something along those lines.

I'm open to hearing an argument why it should be forced to use MFA even if the patient doesnt want it. I know at least one hospital my company works with that has it optional for patients who want it.

[–] yetAnotherUser@discuss.tchncs.de 2 points 1 month ago (1 children)

I think most people are just unaware of the risk that is involved. Healthcare information is some of the most sensitive data on a person and should be protected at all cost.

Some older people in particular have as much of a self-preservation instinct on the internet as toddlers in real life. If protecting them takes away a tiny bit of agency from them then so be it because they cannot be trusted with such decisions. I believe any reasonable person would use MFA because trading off a tiny bit of convenience for a significant amount of security is always worth it.

[–] Rekorse@sh.itjust.works 2 points 1 month ago

Most of these patients have already received emails from multiple healthcare organizations that their data was breached though.

The way medical data is stolen isnt through individual accounts usually unless you are famous or a politician.

[–] dan@upvote.au 1 points 1 month ago (1 children)

MFA doesn't really help much in the case of a tech illiterate person though, since TOTP codes can be phished just like username and password can. A scammer that calls them will just ask for the code in addition to the username and password.

My employer uses Yubikeys with FIDO2/WebAuthn for two factor auth, but that's probably too complex for a non technical person to figure out (even if it's basically just "press the button when it tells you to").

Well, TOTP prevents at least these attack vectors, even for tech-illiterate people:

  • Unnoticed data base leaks being used to gain full access to people's accounts
  • Credential stuffing (using another service's leaked credentials to gain access)

With TOTP there must be at least some contact between the "hacker" and the victim.