Tootfinder

Opt-in global Mastodon full text search. Join the index!

@Defiance@sfba.social
2026-06-06 21:55:02

I had 2FA setup but couldn't generate the code, or some other recovery code I was supposed to have. But I prefer your explanation.

@gray17@mastodon.social
2026-07-04 04:02:25

lost my usb key; found it in the trash. must have swept it up with other debris when I cleaned my desk. oops
now where did I put my backup key and did I add it to enough things. well, I've been pretty diligent about putting 2fa recovery codes into bitwarden (yes that puts the 2nd factor next to the 1st factor but I don't have a better answer yet)
oh, bitwarden now requires 2fa, lemme make sure I have a backup key for that
... this is such a hassle. too bad it's …

@kubikpixel@chaos.social
2026-04-08 05:05:09

«Storm Infostealer umgeht 2FA — Malware übernimmt Accounts ohne Passwort:
Der neue Storm Infostealer umgeht 2FA, kapert Accounts per Session-Hijacking und entschlüsselt Daten serverseitig.»
Ich gehe mal davon aus, dass die JSON Web Token (JWT) umgehen. JWT ist zwar populär aber nicht sicher. Die Zwei-Faktoren Autentifikation (2FA) ergibt am Ende auch JWT zur online Erkennung.
😕

@gray17@mastodon.social
2026-07-03 03:22:17

etrade 2fa wants to send a code to my phone number, sure. but.. if I click "try another way", it asks me to enter a phone number that it will send a code to? checkbox compliance, "yes we have 2fa"

@kubikpixel@chaos.social
2026-06-18 19:10:03

«Critical Copilot vulnerability allowed hackers to steal 2FA code from users:
SearchLeak exploit shows why the industry’s approach to LLM security fails over and over.»
WTF: What is intelligent now and how to tackle what? Certainly not the usual popular AI for IT security.
☠️

@dawid@social.craftknight.com
2026-05-25 16:58:08
@… Problemem jest ogólnie 2FA do odblokowania PESEL przez numer telefonu.

Bo odzyskanie numeru wymaga odblokowania PESEL, a odblokowanie PESEL wymaga aktywnego numeru do odebrania SMS. Odblokowanie PESEL wymaga stawienia się w urzędzie - co dla kogoś spędzającego 9-10msc w roku poza krajem może być słabe.

Rozwiązaniem jest pos…
@johnleonard@mastodon.social
2026-05-13 10:42:35

Google researchers found a zero‑day exploit likely developed with AI, designed to bypass 2FA.
Unusual code patterns - including hallucinated CVSS scores - gave it away.
computing.co.uk/n…

@hynek@mastodon.social
2026-04-07 06:21:42

I gotta admit that Passkeys have grown on me. I use them with 1Password & the integration even in Apple’s apps is great.
Looks like the worst UX problems have been ironed out and pressing “Login using Passkey” is much nicer than pasting email codes or getting angry that OTP auto-fill doesn’t work.
My main annoyance now is that many sites use it as 2FA and not as a primary login.

@dawid@social.craftknight.com
2026-05-25 16:40:47
@… Tak, o tym serwisie pisałem - logowanie przez ePUAP - 2FA SMS, albo aplikacja mobilna/bank.

Masz telefon zbrikowany telefon z eSIMem - nie możesz się zalogować, żeby odblokować PESEL, żeby dodać nowy eSIM (bo to jak nowa karta) do nowego urządzenia lub wyrobić duplikat fizyczny SIM.
@nelson@tech.lgbt
2026-06-29 13:52:45

Is there a realistic way for an American to get 2FA website login codes via WhatsApp or something, anything more reliable than SMS when I'm in Europe? Some sites I use have TOTP or an email option but some insist on an actual SMS. Not even sure they can do RCS and they don't seem to.

@dawid@social.craftknight.com
2026-05-25 12:03:14
@… Tak - tylko parowanie aplikacji bankowej na "nowym" urządzeniu wymaga autoryzacji przez 2FA - najczęściej albo inna apka (nie możliwe - zbrikowany telefon), albo... SMS - sprawa z eSIMem i odblokowaniem PESEL.