Aaron Parecki

#2fa

  • Phishing Campaign Targets YouTube Creators With Cookie Stealing Malware To Hijack Accounts And Stream Cryptocurrency Scams - CPO Magazine (www.cpomagazine.com)
    "The hackers also used the “pass-the-cookie attack” to compromise YouTube accounts and take control. Google says that although the method has been around for decades, it has recently skyrocketed because of the adoption of multi-factor authentication (MFA)."
    #youtube #google #hacking #security #mfa #2fa
    Sat, Nov 6, 2021 8:14pm +01:00
  • Evilginx 2 - Next Generation of Phishing 2FA Tokens (breakdev.org)
    #hacking #phishing #2fa #security
    Tue, Jun 29, 2021 11:04am -07:00
  • Aaron Parecki
    lol the phone system is so broken https://twitter.com/josephfcox/status/1371509983842598918
    Portland, Oregon, USA • 45°F
    8 likes 4 reposts 1 reply
    #sms #security #2fa
    Mon, Mar 15, 2021 4:15pm -07:00
  • Aaron Parecki
    Me: I'm getting 2FA errors trying to add this device to my account

    Support: We received your request to disable 2FA. Confirm by telling us the date you last logged in.

    Me: No I would like to keep 2FA on, I just am getting this error msg.

    Support: Okay, we disabled 2FA.

    🤦‍♂️
    Portland, Oregon • 43°F
    3 likes 1 reply
    #unifi #2fa #support
    Thu, Feb 25, 2021 6:23pm -08:00
  • That’s not how 2FA works – Terence Eden’s Blog (shkspr.mobi)
    #security #2fa
    Sun, Jan 17, 2021 12:12pm -08:00
  • Two Factor Auth (twofactorauth.org)
    #security #2fa
    Fri, Jun 19, 2020 5:41pm -07:00
  • Aaron Parecki
    Stay safe out there kids https://twitter.com/digitallawyer/status/1181348689756864513
    Washington, Washington, D.C. • 64°F
    12 likes 14 reposts 1 reply 2 mentions
    #security #2fa
    Tue, Oct 8, 2019 9:27pm -04:00
  • Aaron Parecki
    Yet another example of why SMS is terrible for 2fa and account recovery.

    "the database — running on Amazon’s Elasticsearch — was configured with a Kibana front-end, making the data within easily readable"

    https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/
    Chicago, Illinois, USA • 39°F
    7 likes 9 reposts 2 replies
    #security #sms #2fa
    Fri, Nov 16, 2018 3:23pm -06:00
  • The Value of a Name (ello.co)
    as of Saturday morning my number had been forwarded to a number I did not recognize. Unreal. So, as far as I can tell, the attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account.
    #security #2fa
    Fri, Oct 31, 2014 6:43pm -07:00
  • I work as a sales rep in-store for a telco. From a security perspective, it's ridiculous... | Hacker News (news.ycombinator.com)
    Anyone relying on two-factor auth with a phone number who uses my company is vulnerable. Simple as that. It would take a determined attacker a day to get control of your number.
    #2fa #security
    Fri, Oct 31, 2014 6:27pm -07:00
  • https://twitter.com/pebble
    Aaron Parecki
    @pebble I would really love to see the ability for notifications to include custom-defined actions for the three right buttons! For example, a notification arrives that says "would you like to approve this login?" and the top and bottom buttons say "Yes" and "No". Each button has a URL defined that will be requested when the respective button is pressed. This would make for a slick two-factor auth utility among other things, and could even be developed without writing any code that runs on the Pebble!
    Portland, Oregon, USA
    #pebble #2fa
    Fri, Oct 3, 2014 12:06pm -07:00
  • Aaron Parecki
    Thinking about two-factor auth at a nano level, requiring human confirmation before any client can actually post to your site via your micropub endpoint.

    For example, I sign in to Barnaby's experimental Taproot interface but don't trust it entirely yet. Instead of giving him blanket access to post to my site, every time his app makes a request to my micropub endpoint, it goes and asks me for confirmation before publishing.

    Either OOB confirmation (2-factor auth via SMS or something) or an OAuth-like confirmation dialog from the same browser window.

    Portland, Oregon, USA
    2 likes 1 reply
    #indieauth #micropub #2fa
    Wed, May 21, 2014 11:10pm -07:00
Hi, I'm Aaron Parecki, Senior Security Architect at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming and dabble in product design.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

© 1999-2023 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.