Multi-Factor – Should a 2FA app require authentication to grant access to 2FA tokens?

I do not know the theoretical background for 2FA and ask here.

I used some 2FA apps before Duo Mobile and Steam Mobile (Guard).
When Duo opens, your tokens will display as expected, but Steam will show your guard token, whether you're logged in or not. The Guard behavior grabbed my attention because I expected to be logged in first to see the token because the token is tied to my account unlike Duo where services are registered for use. Apart from that, Duo could use a main password (a la LastPass) to further protect the tokens.

My question then is whether the functioning of 2FA (especially for mobile apps) is considering whether a user should be authenticated in the 2FA app to gain access to tokens.

In my opinion, the security level is the same as that of SMS 2FA, where it can be assumed that only the real user can access tokens because he knows the PIN of the phone's lock screen. In this system, the phone is the authenticator, and exclusive access is granted by knowing the lock screen PIN. For 2FA apps, the app is the authenticator, but can not grant exclusive access. Anyone who has access to the app (imagine a shared phone where 2+ people know the PIN for the lock screen) can access the tokens.

Fully managed SSD reseller hosting plans! | Site building tools and full cPanel access!

Problem-free reseller hosting: Become a hosting provider without prior knowledge! The Hostwinds Reseller program makes it easy!


======================================= == ===========

************************************************** * ********************************

————————————————– ————————————————– ————-

ABOUT HOST WINDS

Hostwinds has been providing secure, award-winning hosting services to customers around the world ever since 2010!

We offer a variety of hosting packages from shared to VPS along with one 99.9999% availability guarantee,

Regardless of the chosen hosting plan

You can rest assured that our team will do everything they can to ensure you have a first class hosting experience.


————————————————– ————————————————– ————-

************************************************** * ********************************

======================================= == ===========

HOST WINDS Web hosting for resellers

The Hostwinds Reseller Web Hosting Program This is a great option for those who want to earn a simple income by selling award-winning hosting services.

The best part: NO TECHNICAL OR HOSTING EXPERIENCES REQUIRED!

Hostwind's technicians take care of all the server maintenance and management procedures, so all you have to do is sell.

Our reseller hosting plans are also coming with you 24/7/365 help of our Life. American support team,

Rest assured, you will receive immediate support from a Real person Every time you turn to our team of experts Live chat. phone, or Unterstüzungsticket,

Click HERE for more information about our reseller program



————————————————– ————————————————– ————-
************************************************** * ***************************
————————————————– ————————————————– ————-


———-
PRICING:
———-


BASIC Reseller Plan:

$ 3.29 a month

1 domain

ORDER NOW!


***************************


ADVANCED Reseller Plan:

4.23 USD per month

4 domains

ORDER NOW!


***************************


ULTIMATE Reseller Plan:

$ 5.17 per month

Unlimited domains

ORDER NOW!

————————————————– ————————————————– ————-
************************************************** * ***************************
————————————————– ————————————————– ————-

Each reseller hosting plan includes the following core features:

Unlimited number of MySQL users and databases
Unlimited FTP accounts
Unmeasured bandwidth
Softaculous Auto Install
An inode limit of 250,000
Latest version of cPanel
Unlimited e-mail accounts
Unlimited storage space
Unlimited subdomains
Weebly Website Builder
CGI Access


————————————————– ————————————————– ————-
************************************************** * ***************************
————————————————– ————————————————– ————-

HOST WINDS WEB HOSTING FOR WHITE LABEL RESELLER

The Hostwinds White Label Reseller Web Hosting Program allows you to sell our hosting services under the brand of your company.

In other words, the Hostwinds logo and / or the Hostwinds brand does not appear on what you sell!

Click HERE for more information on our white label reseller program

————————————————– ————————————————– ————-
************************************************** * ***************************
————————————————– ————————————————– ————-

IF YOU HAVE ANY QUESTIONS, WE HAVE ANSWERED

Please always have an open ear for our team Live chat or phone If you have any questions about our reseller hosting.

Click HERE to start Hostwinds Reseller Hosting!

Click HERE to start Hostwind's White Label Reseller Hosting!

We hope you have a spectacular rest of the day !

CONTACT
www.Hostwinds.com
Phone: 1.888.404.1279
E-mail: Sales@hostwinds.com

VPS in Europe [NL] starting at $ 5.35 | full root access, managed support included | 10% LIFETIME AUS **

===========================================
10% LIFETIME DISCOUNT ON ALL VPS PACKAGES.
Use coupon code: VPSGETWHT10

===========================================

Our servers are located in the Tier III data center in the Netherlands, Europe.
Test IP: 213.108.198.4. Test download files: 100 MB, 1 GB

• Free Managed Support on request. *
• Additional discounts for quarterly, yearly or longer billing cycles.
• Full root access
• SSD-based RAID 10 memory (Gr8 performance for most use cases)
• Monthly full VPS external storage backups included in all packages
• 2x Xeon E5 processors per server node.
• Easy-to-use ClientArea: manage your account and services from one place.
• SolusVM Control Panel: Separate access to manage only VPS services. + Whitelabeled API reseller accounts available!
• TUN / TAP / PPP (you can use any VPN)
• 100 Mbps or more connection for each VPS (multiple uplinks on each node)
• Free IPv6
• 99.9% availability guarantee
• 30-day money back guarantee
• Immediate setup
• Many Linux distributions to choose from. Custom operating system templates. Operating system templates on request.
• No contract
• 24×7 support (in-house team)
• LiveChat (CET) during the day.
• Up to 30 IPv4 add-ons per VPS for only $ 1 per IP for customers using our services for over 6 months.
Many payment methods available: Bitcoin, Paypal, Credit / Debit Cards, 2checkout, Webmoney / Paymentwall, Payza, BankWire.
We also accept AltcoinsEthereum, Ethereum Classic, Litecoin, Dash, ZCash, Monero, Dogecoin, Decred, BitConnect, PeerCoin, Waves, ZenCash, Ripple. Additional discounts when paying with ETH or LTC, read more

VZ-1
$ 5.35 per month | use PROMO VPSGETWHT10

1 CPU core
512 MB RAM
20 GB of storage space
100 Mbps connection
30-day money-back guarantee
10 IPv6 included
1 additional IPv4 add-on available
Basic managed support included
More info / Compare

VZ-2
$ 8.95 a month | use PROMO VPSGETWHT10

1 CPU core
1 GB RAM
40 GB of hard disk space
100 Mbps connection
30-day money-back guarantee
10 IPv6 included
5 additional IPv4 add-on available
Basic managed support included
More info / Compare

VZ-3
$ 17.95 a month | use PROMO VPSGETWHT10

2 CPU cores
2 GB RAM
60 GB of storage space
100 Mbps connection
30-day money-back guarantee
3 IPv4 included *New!

10 IPv6 included
10 additional IPv4 add-ons available
Basic managed support included
More info / Compare

VZ-4
$ 35.9 a month | use PROMO VPSGETWHT10

4 CPU cores
4 GB RAM
80 GB of storage space
100 Mbps connection
30-day money-back guarantee
4 IPv4 included *New!

10 IPv6 included
10+ additional IPv4 add-on available
Fully managed support included
More info / Compare

VZ-5
$ 71.95 per month | use PROMO VPSGETWHT10

8 CPU cores
8 GB RAM
100 GB of hard disk space
300 Mbps connection
30-day money-back guarantee
Premium managed included (+ Server monitoring on request)
5 IPv4 included *New!

10 IPv6 included
25+ additional IPv4 add-on available
More info / Compare

—————————-
We offer one a lot of OS Templates for customers, Some of them are available during the order, others are in the reinstallation list. This list will be updated from time to time.
Upon customer request, we can also add the specified operating system template.

If you have questions before buying, please do not hesitate Contact our sales team!

unity – How do I access a game uploaded to the internet?

Thanks for responding to Game Development Stack Exchange!

  • Please be sure too answer the question, Provide details and share your research!

But avoid

  • Ask for help, clarify or respond to other answers.
  • Make statements based on opinions; Cover them with references or personal experience.

Use MathJax to format equations. Mathjax reference.

For more information, see our tips for writing great answers.

c ++ – access to the value of an array of pointers

We know that we can dynamically create variables with pointers, such as:

int *p= new it (5)

we can access its value with the "*" as

cout<<*p;

However, this is not the case for the array. Consider the following code:

int size_array=5;
int * p = new int (size_array)

If we need to access the value of the first element, we proceed as follows:

cout<< p(0);

but why can not we do the same as for a dynamic variable like above? With "*":

cout <<*p(0)

Configure Thunderbird for IMAP access to Gmail Ubuntu 19.10

I do it all on Ubuntu 19.10 in the standard Thunderbird application that is installed with the operating system.
I'm having trouble configuring Thunderbird in a VMware environment.
I am using a VMware 15 workstation.
I'm having trouble using Gmail. I have discussed it here. Https://superuser.com/questions/1502126/13-66-gb-out-of-15-gb-used-in-gmail-delete-emails-that-consumed- space now I want to try the proposal to me is given.
So I started configuring Thunderbird in Ubuntu19.10 in VMware
Everything was automatic I did not enter any values ​​except my username and password. But I have an error as shown in the screenshot.
Thunderbird problem
In my Gmail settings, I checked if POP3 and IMAP are allowed. How do I configure Thunderbird in this environment for it to work?

API design – offline synchronization with changing access rights

We have a distributed application where a client synchronizes and makes changes to specific data areas with its offline storage. The data is structured in container entities "container" and entities "entity". Each "C" contains many "entities" and each "entity" must belong to a "container".

When the client is refreshed, it goes through its local Cs and uploads the changes to each E in that container. It will then query all entities of the current container that have changed since the last sync and modify / add them.

The system has a very detailed authorization system, which can sometimes lead to the following situations: A certain entity is no longer available to the client. How should the server pass this change on to the client? In the current situation, if the client requests changed entity of a container since the last synchronization time, it does not receive it -> because there are no access rights. If the entity has local changes, the server can inform the client when it tries to update it. But what if there is no need to synchronize local changes?

I have already explored the following solutions, but always noticed disadvantages:

  1. Search each local "entity" and see if it is still available -> too many requests.
  2. List all "entities" after synchronization and check which local entities are no longer displayed -> increases the load on synchronization requests.
  3. At the end, make a separate call to check which entities are no longer visible to the client because last synchronization -> query too complex.

The only possible solution I could find:

In the request to retrieve all entities that have changed since the last sync, you must also include those entities that are not visible but have a "deleted" state, such as "deleted".

{
  "id": "...",
  "state": "Deleted"
}

Then the client can respond and delete them.

This solution is feasible, but adds a lot of additional logic to the requirement.

Does anyone know a standard approach / design pattern or method? Every input is requested.

How do I fix the encryption after granting access to an app?

A few minutes ago, I granted access to the Lawnchair app so that my phone could be locked by tapping twice. I received a warning stating that this would "compromise" the encryption, so I need to authenticate myself. It turns out that my phone no longer asks for a password when booting. This worries me that my phone can easily be unencrypted. How do I get my encryption back?

I tried to remove access permission from the Lawnchair app, but my phone still does not prompt for a password at startup. I have also checked if the encryption is enabled in the settings. I have not tried a factory reset yet. I'd rather avoid that, but I'm ready if it's the only way.

I have Android 9 with a CAT S61 model (they use an almost standard Android OS, as far as I understand it).

Web Application – How do I configure Azure Web Apps to have the only access through CloudFlare?

I have a Web Apps (Linux) application on Azure and I've added a custom domain that I've protected with CloudFlare.

I added Azure Security Center to my subscription.

At the moment you can either access the application

  1. directly via example.azurewebsites.net or
  2. via www.example.com, which is protected by CloudFlare

How do I configure the Azure portal to have the only access to my web application through CloudFlare?

One idea I had was to add an Azure firewall and set a whitelist for the CloudFlare IP addresses, but I was wondering if there was an easier way (and I'm not sure how I got them should configure).

How do I access Electrum via the rest of the API?

I can make calls from the server on the server. When I say calls, I mean it. That means I can get the latest addresses like this:

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "http://127.0.0.1:7777");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "{"id":"curltext","method":"listaddresses"}");
curl_setopt($ch, CURLOPT_POST, 1);

$headers = array();
$headers() = "Content-Type: application/x-www-form-urlencoded";
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);
if (curl_errno($ch)) {
    echo 'Error:' . curl_error($ch);
}
curl_close ($ch);
print '
';
print_r($result);

The problem is, I do not want to have to do this on the server. I had hoped that there would be a safe way to do this remotely.

Can someone please tell me if this is possible? I tried to open port 7777, but I still can not access it. Is it intentional? As I can imagine, this is a security issue.

Thanks a lot!