asmoranomar

Even better: Freeze them!!! Seriously, it tastes like banana ice cream. It's delicious!

Keep in mind, still discussing the underlying fundamentals and not the user experience.

MitM attacks are frequently covered in white hat hacking, often after an actual event takes place. It is considered a third party attack, and it does break trust. It is a security threat, and to claim it doesn't count is absurd. I've seen a few reports personally from internal, but I'm not at liberty to speak specifics about them. On the topic of replay attacks, TOTP is vulnerable, but passkeys are not (yet, I've seen people try though). This isn't the only type of MitM attack, and, again, both are somewhat vulnerable.

TOTP is nothing, nowhere similar to passkeys in any way. You do NOT generate codes with passkeys. Passkeys are a form of public/private keys that are used to create a challenge/response request and used to generate a digital signature. The keys are not passwords (aka "shared secrets"). Digital signatures are also not passwords. The only other thing I can think you mean by "code generation" is that you're using it as a generic catch-all, but that happens with....well everything (even passwords), depending on context.

I don't want to sound too much like a die hard passkey fan - and you are right - passkeys are extremely overkill if you use anything above a plain old password. In some cases, layered security can be just as effective. The problem is that most people do only use plain old passwords. If we can get any kind of extra security, even TOTP, then all the better. There are also some cases passkeys are not feasible, so it's good to have alternatives.

That's false, TOTP can and has been the target of man in the middle attacks, successfully. The implementation of passkeys makes man in middle attacks more difficult, but it could still happen. So both are susceptible to third parties to some degree.

As far as point of view, I was assuming we were talking about the process, since the goal of passkey UX is to be largely the 'same as'. Which, to be frank, is way less dedicated since both the implementation of passwords and passkeys can vary widely (2fa, email, id, otp, etc). If we exclude those, the UX is the same - some users might be even using passkeys and not know it.

TOTP is based on shared secrets, just like passwords. As such, it's susceptible to many of the issues passwords are and is much closer to passwords than passkeys. Passkeys on the other hand, don't have shared secrets and operate completely differently under the hood.

Perhaps he means the process of setting it up. Or when it doesn't work. Or when passkeys are lost. Or using another device. A lot of people's complaints about passkeys aren't really about when it works.

It's valid I think, but also some people forget passwords can have similar experiences. For one, there seems to be this idea that if you lose your passkey you get locked out of your account forever. The recovery process should be no different than losing your password.

No. It's a completely different process. It's a bad name for what it actually does. (Unless you're talking about how computers do things, then EVERYTHING is numbers)

Look up public/private key pair encryption. It's the process that has changed.

The problem with all these "what are passkeys" guides is that it's difficult to convey the differences between password and passkeys if you don't have a deep understanding of encryption or authentication systems.

Listen. If ICE can tell the difference between a citizen and an immigrant, then you can tell the difference between ICE and imitators. Right? ....right?

You can't create new ones afaik, but you can add and report tags. If enough users do either and it meets the threshold it will be added/removed. The order tags appear is also relevant, if the first tag is FPS then it's the most voted tag. I'm sure devs/publishers can set initial tags but after that it's users that maintain them.

It is a good idea to keep this simple in theory, but it also is exploitable. Especially since you can't search by tags set by users vs devs/publishers. Or the first 4-5 tags. I see a lot go into safeguarding reviews, but very little in tag abuse. There's cheep no effort games with a crazy number of tags - most people can identify trash, but if it can be abused, then what about other legitimate games?

Steam also categorizes tags in 4 types: Genres, Visual, Theme, and Features. It would be nice to search, say, games that are primarily one genre. When I search for JRPG, I don't want a City Builder that has JRPGish elements, but I'd be ok with a JRPG with City Builderish elements. You could really narrow down what you want if you used some advanced logic. But that's not simple, so I can see why they don't, I just wish I could if I wanted to.

But I'd have to disagree, if it's open to abuse, then it is a dumpster fire. The thing is that the alternative is....well they aren't doing it. It's one of the few things I think, if a competitor focused on and got right, would really hurt steam. But no one seems interested in doing that, so for now, steam is all we got.

Mr biggest problem with tags is that it's user curated and you can recommend an unlimited number of them.

Just because a game has a few funny moments, doesn't mean it gets the comedy tag. Just because it has a brief driving sequence doesn't mean it gets the racing tag. Just because there's some reading involved doesn't mean you get the visual novel tag.

It's getting to the point I feel like there's a conspiracy where there's teams of people intentionally sabotaging the tag system and teams trying to counter it, all so they can control views and sales. It's really noticeable when a publisher stops marketing and moves to another release.

I haven't been in the loop, but wasn't pragmata everyone's hope for a MegaMan reboot?

I get what you mean, you're not the only one. There are generations of games that have explicitly trained you on fast twitch button mashing with graceful dodge frames and intentionally engineered safeguards so rng is in your favor to bring about the best experience. And I'm not mocking you....it's just how it is and it gets me too. Trying to unlearn that is hard.

I also hate the 'difficult for the sake of difficult'. I know some people get a high over doing something incredible, but I don't get that from banging my head on the same thing over and over. Any souls, souls-like, souls-lite or weighty mechanics games like MH get a hard pass from me.

However, I really enjoyed Remnant, it's a mp souls-like - something about witnessing everyone's shenanigans but still being able to pick each other off the floor is a lot of fun. It feels different and more like what souls should have been (imho).

This is a case of 'it depends '. The damage isn't caused by something being on or off. It's everywhere. Disconnecting can isolate damage from small storms, but world ending storms have enough energy to jump air gaps and the surges would be faster than most breakers can react to. You'd physically have to rip the cables from your house to be safe. Smaller, battery powered devices would be more susceptible regardless if they were on/off. Batteries are a concern because you don't want them to incur damage/blow up due to an electric surge.

If this sounds overblown remember that during the Carrington Event, telegraph lines continued to operate for hours even after batteries were removed. In some cases, lines sparked and damaged equipment or personnel. These are very powerful storms that naturally induce electric current in circuitry.