WeChat ID
aaronpk_tv
#2fa
-
I'm a big fan of using more secure two-factor authentication methods like a security key or TouchID, but I will admit I never expected charging people to use SMS would be a viable strategy to get them off it 😅 https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter -
Phishing Campaign Targets YouTube Creators With Cookie Stealing Malware To Hijack Accounts And Stream Cryptocurrency Scams - CPO Magazine (www.cpomagazine.com)"The hackers also used the “pass-the-cookie attack” to compromise YouTube accounts and take control. Google says that although the method has been around for decades, it has recently skyrocketed because of the adoption of multi-factor authentication (MFA)."
-
lol the phone system is so broken https://twitter.com/josephfcox/status/1371509983842598918
-
Me: I'm getting 2FA errors trying to add this device to my account
Support: We received your request to disable 2FA. Confirm by telling us the date you last logged in.
Me: No I would like to keep 2FA on, I just am getting this error msg.
Support: Okay, we disabled 2FA.
🤦♂️ -
Stay safe out there kids https://twitter.com/digitallawyer/status/1181348689756864513
-
Yet another example of why SMS is terrible for 2fa and account recovery.
"the database — running on Amazon’s Elasticsearch — was configured with a Kibana front-end, making the data within easily readable"
https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/ -
The Value of a Name (ello.co)
as of Saturday morning my number had been forwarded to a number I did not recognize. Unreal. So, as far I can tell, the attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account.
-
I work as a sales rep in-store for a telco. From a security perspective, it's ridiculous... | Hacker News (news.ycombinator.com)
Anyone relying on two-factor auth with a phone number who uses my company is vulnerable. Simple as that. It would take a determined attacker a day to get control of your number.
-
@pebble I would really love to see the ability for notifications to include custom-defined actions for the three right buttons! For example, a notification arrives that says "would you like to approve this login?" and the top and bottom buttons say "Yes" and "No". Each button has a URL defined that will be requested when the respective button is pressed. This would make for a slick two-factor auth utility among other things, and could even be developed without writing any code that runs on the Pebble!
-
Thinking about two-factor auth at a nano level, requiring human confirmation before any client can actually post to your site via your micropub endpoint.
For example, I sign in to barnaby's experimental Taproot interface but don't trust it entirely yet. Instead of giving him blanket access to post to my site, every time his app makes a request to my micropub endpoint, it goes and asks me for confiramtion before publishing.
Either OOB confirmation (2-factor auth via SMS or something) or an OAuth-like confirmation dialog from the same browser window.
#indieauth #micropub #2fa
