WeChat ID
aaronpk_tv
#MFA
-
I'm a big fan of using more secure two-factor authentication methods like a security key or TouchID, but I will admit I never expected charging people to use SMS would be a viable strategy to get them off it 😅 https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter -
There's nothing like being at #EIC2022, a conference all about identity and security, where phishing and hacking have been a major theme across all the talks, and then getting a "is this you?" push on my phone from an IP on a sketchy VPN followed by a password reset email
-
Phishing Campaign Targets YouTube Creators With Cookie Stealing Malware To Hijack Accounts And Stream Cryptocurrency Scams - CPO Magazine (www.cpomagazine.com)"The hackers also used the “pass-the-cookie attack” to compromise YouTube accounts and take control. Google says that although the method has been around for decades, it has recently skyrocketed because of the adoption of multi-factor authentication (MFA)."
-
The headline is *extremely* unfortunate, since it could confuse users into avoiding #MFA mechanisms that @Alex_T_Weinert is actually advocating for, like push-based authn and authenticator apps, not to mention #FIDO, that rely on "phones".
https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/ -
The confusing part about online security is knowing *when* it's safe to give your SMS two-factor auth codes to a third party.
