[-] ZeldaFreak@lemmy.world 2 points 1 hour ago

Of course everything can be hacked. When I think something is compromised, then I need to change everything. So far I haven't heard of any remote zero-click compromise. With the fancy hacking tools of some companies, it's not publicly known how they gained access. I suspect either physical access or some malware. But we are speaking about a high level of hacking that most people don't need to be scared of. At that level, there are other things to worry about.

When we just look at the dangers an average person might encounter, this level of security is fine. I did have accounts compromised, and I can tell exactly what my mistake was. One was sharing my password with someone else, not knowing how secure his devices were and not having 2FA. The second one was that I used the same password everywhere. At that point I was switching to generated passwords and still hadn't changed every account (the unimportant ones).

Of course passkeys are by nature a more secure implementation, as you are unable to save plaintext passwords, but there is one thing this can't solve, and that's sites removing and resetting your auth without verifying your identity. Hackers can still steal session tokens, and sites don't need to require additional authentication when altering your authentication.

[-] ZeldaFreak@lemmy.world 2 points 5 hours ago

I quote myself from a different comment:

I just had to think of the scene from the Simpsons, where Mr. Burns and Smithers go through all the security checks and in the end there is a flimsy open back door, where a stray dog entered the room. All security at the front doesn't matter if the back door is not secure at all, and as long as the back door is that insecure, I'm not willing to spend money and time making the front door more secure.

The phone argument is a bit lacking. Accessing the TOTP app and the password manager requires a separate authentication, to get encrypted. Sure, if they snatch my phone away when it's fully unlocked, including my password manager, they have access for a limited time. They need to be fast enough, before I can remotely lock it or before it automatically locks itself. Android phones can now detect when they are stolen, either by the movement or when they go offline. The latter I tested, and it's not instant, but you still don't have long.

I don't think about potential backdoors. If there is no known backdoor, then I deem it safe. Sure, they could also force me to unlock the phone. This would be xkcd 538. And this applies to any security.

Adding more security and inconvenience doesn't make sense to me as long as the backend is shit. So far, a few big companies have screwed up hard in their backend and dozens of smaller sites do such bad stuff that it doesn't really matter how strong your login is. Here I refer back to my quote.

In a closed system, like a company, this added security makes sense, as they usually control the backend as well. If my CEO sent me a text request to reset his logins, I would call him or walk to his office and ask him directly. Sure, with AI they could impersonate his voice, but I don't think they can impersonate the way he speaks.

[-] ZeldaFreak@lemmy.world 1 points 6 hours ago

I haven't invested too much time into hardware keys, but requiring additional software on other PCs is still a no-go for me. With my current setup, I only need my smartphone, and I always carry it around.

For business use, this is a whole different topic. With a proper setup, all machines would require the software, and you shouldn't access these accounts outside of company devices. It's also an expense the company must carry, and it's easier for them to handle backups. Also in that setup, you can have SSO/LDAP, where you can physically prove that you are you when requesting an MFA reset. With an online service, they usually require a weak proof, like just access to an email account.

I just had to think of the scene from the Simpsons, where Mr. Burns and Smithers go through all the security checks and in the end there is a flimsy open back door, where a stray dog entered the room. All security at the front doesn't matter if the back door is not secure at all, and as long as the back door is that insecure, I'm not willing to spend money and time making the front door more secure.

[-] ZeldaFreak@lemmy.world 1 points 6 hours ago

Vanilla KeePass. The dev isn't interested in providing communication outside of the program, but he clarified that plugins have all the access rights to do that; it just seemed to the dev that no dev is interested in making such a plugin. KeePassXC does support it, but they are still missing entry templates. This is the only missing feature that is holding me back from switching.

[-] ZeldaFreak@lemmy.world 16 points 18 hours ago

Or the obscure ways for 2FA/MFA. Passkeys are mostly cloud-based. Yeah, fuck no! The weakest passkey is weaker than my usual randomly generated password, if the site doesn't do any shady business and require a weak password. Hardware keys are luckily not pushed for usage. I don't like them either. You require at least 2, for backup reasons. They also cost quite some money, and they have zero auth. Just connect to USB and tap it. Also, retrieving the backup and getting a replacement for a defective one takes some time.

Good old TOTP as 2FA is perfect, paired with a strong, random password. With my TOTP, I have an encrypted backup in my cloud, on my NAS, older backups in secure places and backup codes in several places. The TOTP app I use is open source, and I have a mirror of the source code.

This should be enough security, if sites didn't screw up all the time. You can bypass 2FA all the time. Even the credit card company screwed up big time. Usually you get 2 separate letters, one with your PIN and one with your card. Both came on the same day. Also, I actually didn't need the PIN in the first place. I was able to add the card to the app and see the PIN there, without actually verifying anything except the credit card number.

Maybe when passkeys are supported in my password manager I will try it, but so far they aren't, and switching is not an option, as the alternative doesn't support the features I need. There is an open issue for an alternative password manager with that feature request, and some people want it, but it's still not added. But passkeys don't fix the issue of me using stronger keys; they fix it for site owners to allow stronger keys, but they are still not required to use them. Some devs are just weird. I've read one PR for a FOSS project I use, where someone wanted to implement a universal OAuth or such, that would support all types of external authentication. Nope, the dev refused the PR, and they wanted to stay with the 2 proprietary implementations for 2 services, even though this universal implementation would work with these 2 too. I can't tell exactly what it was. I was experimenting with an auth service for my self-hosted stuff, to not deal with several accounts and rights systems. This service was the first one I wanted to switch, and they didn't want to support it, leaving me with the standard login.

[-] ZeldaFreak@lemmy.world 2 points 1 day ago

I quickly pulled the number from here: https://www.destatis.de/DE/Themen/Gesellschaft-Umwelt/Wohnen/_inhalt.html I didn't specifically research who lives in owner-occupied property with their own garage/carport/parking space. I also wasn't sure whether it's even recorded that way.

[-] ZeldaFreak@lemmy.world 15 points 1 day ago

And we just skilfully ignore the state's responsibility. The state could long since have done something to make EVs more attractive. Charging stations are only built where they pay off financially, not where they are needed. Only about 42% of people in Germany live in owner-occupied property and thus have a chance to set up a charging option relatively conveniently. The technology to put charging points into kerbs and street lamps exists, only in Germany I don't see it. It's simply unattractive to spend more time per week on charging.

Of course fossil fuels are finite, but the government has no real interest in providing alternatives, because they earn nicely from them. You can see that in our neighbouring countries, which offer fuel considerably cheaper. If there were real interest, the charging infrastructure would be expanded sensibly, so that most people could charge conveniently and stress-free overnight.

[-] ZeldaFreak@lemmy.world 2 points 2 days ago

Also, they aren't rated to get screamed at: https://www.youtube.com/watch?v=tDacjrSCeq4

[-] ZeldaFreak@lemmy.world 34 points 9 months ago

Here people even "steal" books from public bookcases and sell them.

For people who aren't familiar, let me explain: these public bookcases are a weatherproof shelf, an old phone booth or something similar in the streets. The concept is that you can take any book and leave any book. There are no written rules, and you can keep a book if you like or just read it and put it back. In recent years people started scanning the barcodes and checking which books they can sell. There is a debate going on about whether people should mark these books so they can't be sold.

[-] ZeldaFreak@lemmy.world 32 points 2 years ago

No joke, it looked similar at a colleague of mine. As a good friend I helped him clean up. Depression and so on. The entire floor was covered with stuff, and you first had to clear a free spot with your foot to step on. I slept on the floor, next to garbage. While cleaning up I found an Aldi bag with frozen food, and the receipt said it had been lying there for half a year. Yes, he had gone shopping and then couldn't find his food anymore. By the way, I've never been so glad to be able to shower.

But seriously: if you come across a situation like this, the person has problems. I can't give a perfect plan for how to react, but since I was affected myself and a colleague of mine too, I can say you should support the person, even impose that support, and act as if it doesn't bother you. Dragging someone to a professional is the wrong option. You have to want help, and if you don't want it, it's more likely that you lose contact with the person.

[-] ZeldaFreak@lemmy.world 39 points 2 years ago

Except no. First issue: it's measured wrong. You measure a full package and then an empty one in the factory. Losses during shipping and so on are the problem of the customer. Especially meat loses a lot of water. People don't weigh the water in the cloth.

Also, the little e (estimated sign, 76/211/EEC) beside the package does specifically allow variations. Only the entire batch must be correct on average. But there is a limit on how much variation is allowed. And big companies are closely watched.

[-] ZeldaFreak@lemmy.world 37 points 2 years ago

I program like I learned it? I use my German QWERTZ layout. A lot of keys are different, yes, but I grew up with this layout and I'm used to it. Imagine giving me a US QWERTY layout; I would mistype every time. I even hate it when Windows switches my keyboard layout, even though I removed the shortcuts for it, and I mistype constantly. Heck, even Visual Studio switched my shortcuts and it sucked.

After some time I realized that (game) devs suck, because they forget that other layouts exist. It's not a big deal, but at some point I realized that the chats on T, Y, U make much more sense on a QWERTY layout. Also, Markdown with ` kinda sucks. For a code block, I need to hold shift and press the key left of backspace 3 times and then one space, because when I press it once, nothing happens, but pressing it a second time, 2 appear. Pressing space lets it appear directly. Or I type 4 and remove one.

But this is what I'm used to. And if I ever worked outside Germany, I would bring my own QWERTZ keyboard and require them to install the German keyboard layout. I don't need a German UI. I have all programming-related software in English, because it's easier to google stuff.


ZeldaFreak

joined 2 years ago