Tootfinder

I have Mailchimp set up to use MFA via TOTP and I have 2FA via SMS turned off.
I just logged in for the first time in a while. It made me verify by SMS and didn’t ask me for my TOTP number. In the settings, I have this configured correctly, but there’s a “We’ll use this to confirm your identity if we spot any unusual activity on your account.” phone number.
This seriously lowers my confidence that they’re doing this right at all. Everything seems to have gotten worse over the pas…

The boss wants me to set up 2fa on the work gmail account, which is fair enough, but it turns out to be impossible to do so.
In order to set up 2fa with Gmail you must first associate a phone number with your account because Google are greedy data-hoarders.
But I don't have any business phone number and I am unwilling to associate my personal phone number with my employers gmail account.
So we had to do the dance where I give it his phone number and he forwards the sms confirmation to me and then I set up 2fa and then delete the phone number.
Every other one of the services he's asked me to set up 2fa for didn't require a phone number.
It's mostly just Google that Sucks.
#google #sucks #googleSucks

Passwort, 2FA oder Passkey?
https://stohl.de/wordpress/?p=188364

Passwort, 2FA oder Passkey?
Die meisten Nutzer in Deutschland achten bei der Passwort-Erstellung auf Komplexität, bleiben aber Passwort fixiert: Die Deutschen setzen 2FA zögerlich ein. Dann fragen wie mal lieber nicht nach Pa…

Millions Of #Google, #WhatsApp, #Facebook #2FA Security Codes Leak Online

WHY ON EARTH are we still relying on SMS? TOTP! Repeat after me, TOTP!!! Get people into using TOTP!!!!!!!! https://techcrunch.com/2024/02/29/leaky-database-two-factor-codes/

Soweit ich es verstehe, war beim Angriff auf die British Library am Ende ein kompromittiertes Passwort schuld.
Insofern wäre selber sicher nicht der schlechteste Schritt, möglichst überall 2FA/MFA zu implementieren.
Minimal ausprobiert habe ich bisher nur multiOTP (https://github.com/multiOTP…

i cant login to discord because they forgot to add the 0 key to the numpad

It makes me downright queasy that private equity bought 1Password. I'm sure that's an overreaction, private equity has never bought companies and fucked them up just to turn a quick profit, have they? It's so tempting to put 2FA in there too, but, SPOF, that would suck.

It’s every time, here.
From: @…
https://social.kiesow.net/@dkiesow/112180707160383842

Soweit ich es verstehe, war beim Angriff auf die British Library am Ende ein kompromittiertes Passwort schuld.
Insofern wäre selber sicher nicht der schlechteste Schritt, möglichst überall 2FA/MFA zu implementieren.
Minimal ausprobiert habe ich bisher nur multiOTP (https://github.com/multiOTP…

Zweiter Vorfall bei Roku: Fast 600.000 Nutzerkonten betroffen
Angreifer versuchen derzeit massenhaft, Roku-Konten zu kapern. Der Streaminganbieter kontert mit 2FA.
https://www.

Come gli hacker possono intercettare le tue chiamate e i codici 2FA con un semplice trucco!
https://poliverso.org/display/0477a01e-ef3fa62a-396c3c25d0d605de
Come gli hacker possono intercettare le tue chiamate e i codici 2FA con un semplice trucco! …

A database leak exposed 2FA codes belonging to major tech companies worldwide. https://reddit.com/r/cybersecurity/comments/1b4pv5h/

How Hackers Can Hijack 2FA Calls with Sneaky Call Forwarding https://www.404media.co/how-hackers-can-hijack-2fa-calls-with-sneaky-call-forwarding/

I've installed #lineageOS on my old Xiaomi phone and noticed how hard it is to share stuff like 2FA tokens between iOS and Android. I didn't find any good apps for this so I made a website where you can make a room and share stuff between any devices.
https://…

I had locked myself out of my phone (don't ask) and had to do a factory set. It turns out that my backup strategy has been very good as I haven't lost any important data (without relying anyone else's cloud servers).
However, I worried that I might have lost access to the Aegis Authenticator 2FA vault (but I didn't). To not solely rely on my phone for 2FA in the future, I have now set up TOTP in KeePassXC which I am using anyway for passwords so I can now also create 2F…

A database leak exposed 2FA codes belonging to major tech companies worldwide. https://reddit.com/r/cybersecurity/comments/1b4pv5h/

https://github.com/dlenski/python-vipaccess works great for setting up 2FA with banks that only support Symantec VIP Access, it talks to the Symantec server to get a credentials id and gives you the TOTP shared secret to add to the 2FA app of your choice (I use

nice, @… is live on discord now about 2FA
#cybersecurity

2FA?
Cyberattaque de France Travail : comment des hackers ont réussi Š voler les données de millions de personnes - Le Parisien
https://www.leparisien.fr/economie/cyberat…

Cyberattaque de France Travail : comment des hackers ont réussi à voler les données de millions de personnes
Cette attaque informatique intervient trois jours après qu’un groupe de hackers prorusses s’en est pris à plusieurs services informatiques de l’État. Les données personnelles (noms, adresses, numéros de Sécurité sociale) sont concernées, pas les mots de passe ni les coordonnées bancaires, assure l’organisme.

@… Good morning! How can I help you improve on form-detection? The 2FA doesn't work automatically on login.schlundtech.com - might be because it is ExtJs (at least it looks like it)

Dear the Fediverse.
AWS is nagging me about 2FA on my Root Account and I think I should probably buy a #Yubikey.
But my brain is unable to focus on the marketing bilge on their website. What should I know before deciding which one to buy?

The user discusses Google's session hijacking issue, where strong passwords and 2FA may still be compromised. They suggest that an added layer of security could be requiring 2FA for changing critical account settings, even on trusted devices, restricting the potential damage if an account is compromised. https://reddit.com/r/cybersecurity/comments/1bmsay1/

Is there a FLOSS app that I can use instead of MS Authenticator for 2FA logins to MS products?
#followerpower

The user criticizes PayPal's 2FA system after discovering that there are no backup codes provided. They express concerns about the potential for social engineering, as individuals could theoretically bypass 2FA security by persuading a support agent to disable it. They also questioned the purpose of 2FA if using it while travelling still flags the account as potentially hacked. https://reddit.com/r/cybersecurity/comments/1bdl2js/

Gibt es eine FLOSS-App, die man statt dem MS Authenticator verwenden kann, um 2FA für die Office-Anwendungen o.ä. zu erzeugen?
#followerpower