Aaron Parecki

#2fa

• 

  I'm a big fan of using more secure two-factor authentication methods like a security key or TouchID, but I will admit I never expected charging people to use SMS would be a viable strategy to get them off it 😅 https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter

  Portland, Oregon, USA • 43°F

  46 likes 6 reposts 12 replies

  Fri, Feb 17, 2023 9:26pm -08:00 #security #2fa #mfa #twitter
• Phishing Campaign Targets YouTube Creators With Cookie Stealing Malware To Hijack Accounts And Stream Cryptocurrency Scams - CPO Magazine (www.cpomagazine.com)

  "The hackers also used the “pass-the-cookie attack” to compromise YouTube accounts and take control. Google says that although the method has been around for decades, it has recently skyrocketed because of the adoption of multi-factor authentication (MFA)."

  Sat, Nov 6, 2021 8:14pm +01:00 #youtube #google #hacking #security #mfa #2fa
• Evilginx 2 - Next Generation of Phishing 2FA Tokens (breakdev.org)

  Tue, Jun 29, 2021 11:04am -07:00 #hacking #phishing #2fa #security
• 

  lol the phone system is so broken https://twitter.com/josephfcox/status/1371509983842598918

  Portland, Oregon, USA • 45°F

  8 likes 4 reposts 1 reply

  Mon, Mar 15, 2021 4:15pm -07:00 #sms #security #2fa
• 

  Me: I'm getting 2FA errors trying to add this device to my account
  
  Support: We received your request to disable 2FA. Confirm by telling us the date you last logged in.
  
  Me: No I would like to keep 2FA on, I just am getting this error msg.
  
  Support: Okay, we disabled 2FA.
  
  🤦‍♂️

  Portland, Oregon • 43°F

  3 likes 1 reply

  Thu, Feb 25, 2021 6:23pm -08:00 #unifi #2fa #support
• That’s not how 2FA works – Terence Eden’s Blog (shkspr.mobi)

  Sun, Jan 17, 2021 12:12pm -08:00 #security #2fa
• Two Factor Auth (twofactorauth.org)

  Fri, Jun 19, 2020 5:41pm -07:00 #security #2fa
• 

  Stay safe out there kids https://twitter.com/digitallawyer/status/1181348689756864513

  Washington, Washington, D.C. • 64°F

  12 likes 14 reposts 1 reply 2 mentions

  Tue, Oct 8, 2019 9:27pm -04:00 #security #2fa
• 

  Yet another example of why SMS is terrible for 2fa and account recovery.
  
  "the database — running on Amazon’s Elasticsearch — was configured with a Kibana front-end, making the data within easily readable"
  
  https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/

  Chicago, Illinois, USA • 39°F

  7 likes 9 reposts 2 replies

  Fri, Nov 16, 2018 3:23pm -06:00 #security #sms #2fa
• The Value of a Name (ello.co)

  as of Saturday morning my number had been forwarded to a number I did not recognize. Unreal. So, as far I can tell, the attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account.

  Fri, Oct 31, 2014 6:43pm -07:00 #security #2fa
• I work as a sales rep in-store for a telco. From a security perspective, it's ridiculous... | Hacker News (news.ycombinator.com)

  Anyone relying on two-factor auth with a phone number who uses my company is vulnerable. Simple as that. It would take a determined attacker a day to get control of your number.

  Fri, Oct 31, 2014 6:27pm -07:00 #2fa #security
• https://twitter.com/pebble
  

  @pebble I would really love to see the ability for notifications to include custom-defined actions for the three right buttons! For example, a notification arrives that says "would you like to approve this login?" and the top and bottom buttons say "Yes" and "No". Each button has a URL defined that will be requested when the respective button is pressed. This would make for a slick two-factor auth utility among other things, and could even be developed without writing any code that runs on the Pebble!

  Portland, Oregon, USA

  Fri, Oct 3, 2014 12:06pm -07:00 #pebble #2fa
• 

  Thinking about two-factor auth at a nano level, requiring human confirmation before any client can actually post to your site via your micropub endpoint.
  
  For example, I sign in to barnaby's experimental Taproot interface but don't trust it entirely yet. Instead of giving him blanket access to post to my site, every time his app makes a request to my micropub endpoint, it goes and asks me for confiramtion before publishing.
  
  Either OOB confirmation (2-factor auth via SMS or something) or an OAuth-like confirmation dialog from the same browser window.
  
  #indieauth #micropub #2fa

  Portland, Oregon, USA

  2 likes 1 reply

  Wed, May 21, 2014 11:10pm -07:00 #indieauth #micropub #2fa