Tootfinder

Now that most services have implemented 2FA (multi-factor authentication) we are seeing a new breed of scams that exploit them and trick people into approving requests under the guise of fraud prevention, which is easy to do now that we are bombarded by more secure logins. The next time you get a fraud prevention alert, be quadruple vigilant about how you respond to 2FA requests.

@…
"2FA Liberapay does not yet support two-factor authentication."
When!? 🤦
#LiberaPay #Privacy

Das BSI warnt: Immer weniger Menschen nutzen 2FA und sichere Passwörter, obwohl Cybergefahren steigen. Nur 34% setzen auf 2FA, Updates werden vernachlässigt, Firewalls sind out. Die Argumentation des BSI ist klar: Wer sich schützt, bleibt seltener Opfer. Doch die Bereitschaft (und Unkenntnis) sinkt – fatal! #Cybersecurity

A whistleblower provides nonpublic data revealing that 1M 2FA SMS messages from June 2023 passed via Fink Telecom, a small Swiss company linked to spy agencies (Bloomberg)

I use a Cloudflare tunnel which, among other things, requires a 2FA code. A code number that I was not receiving... Why? Because I'm so stupid that I was using the old Proton Mail domain (protonmail.com) instead of the new one (proton.me), not remembering that my Cloudflare account was associated with the latter.
I am the weakest link in my own chain.

Big password leak. Change your passwords for google, Facebook, GitHub, etc right now, and turn on 2FA

If you are like me, then you might have installed the #GoogleAuthenticator app, back in the days when it was the only solution out there for #TOTP #2FA.
But that is long ago. Since …

@… @… tl;dr: something that replaces login password 2FA credentials
http…

Right, Google Authenticator is out. Aegis is the new owner of the 2FA service. Gradually removing services from Evil Corp.

看到 HackerNews 讨论频繁要求用户输入密码其实会降低安全。我深有此感。
工作用工具十几分钟就要重新认证，虽然公司不允许，但是我直接一个浏览器记住密码了。谁十几分钟给你输一次密码呀，闲的。
对于那些不到一个月就要重新登陆的网站，我也有减少访问的倾向，一想到要输入密码输入 2FA 就压力增大，干脆不去这网站了。Mastodon 就很好，基本不用担心登录频繁失效。