2026-06-06 21:55:02
I had 2FA setup but couldn't generate the code, or some other recovery code I was supposed to have. But I prefer your explanation.
I had 2FA setup but couldn't generate the code, or some other recovery code I was supposed to have. But I prefer your explanation.
lost my usb key; found it in the trash. must have swept it up with other debris when I cleaned my desk. oops
now where did I put my backup key and did I add it to enough things. well, I've been pretty diligent about putting 2fa recovery codes into bitwarden (yes that puts the 2nd factor next to the 1st factor but I don't have a better answer yet)
oh, bitwarden now requires 2fa, lemme make sure I have a backup key for that
... this is such a hassle. too bad it's …
«Storm Infostealer umgeht 2FA — Malware übernimmt Accounts ohne Passwort:
Der neue Storm Infostealer umgeht 2FA, kapert Accounts per Session-Hijacking und entschlüsselt Daten serverseitig.»
Ich gehe mal davon aus, dass die JSON Web Token (JWT) umgehen. JWT ist zwar populär aber nicht sicher. Die Zwei-Faktoren Autentifikation (2FA) ergibt am Ende auch JWT zur online Erkennung.
😕
etrade 2fa wants to send a code to my phone number, sure. but.. if I click "try another way", it asks me to enter a phone number that it will send a code to? checkbox compliance, "yes we have 2fa"
@dawid@social.craftknight.comGoogle researchers found a zero‑day exploit likely developed with AI, designed to bypass 2FA.
Unusual code patterns - including hallucinated CVSS scores - gave it away.
https://www.computing.co.uk/n…
I gotta admit that Passkeys have grown on me. I use them with 1Password & the integration even in Apple’s apps is great.
Looks like the worst UX problems have been ironed out and pressing “Login using Passkey” is much nicer than pasting email codes or getting angry that OTP auto-fill doesn’t work.
My main annoyance now is that many sites use it as 2FA and not as a primary login.
@dawid@social.craftknight.comIs there a realistic way for an American to get 2FA website login codes via WhatsApp or something, anything more reliable than SMS when I'm in Europe? Some sites I use have TOTP or an email option but some insist on an actual SMS. Not even sure they can do RCS and they don't seem to.
@dawid@social.craftknight.com