Tootfinder

Big password leak. Change your passwords for google, Facebook, GitHub, etc right now, and turn on 2FA

A whistleblower provides nonpublic data revealing that 1M 2FA SMS messages from June 2023 passed via Fink Telecom, a small Swiss company linked to spy agencies (Bloomberg)

If you are like me, then you might have installed the #GoogleAuthenticator app, back in the days when it was the only solution out there for #TOTP #2FA.
But that is long ago. Since …

Now that most services have implemented 2FA (multi-factor authentication) we are seeing a new breed of scams that exploit them and trick people into approving requests under the guise of fraud prevention, which is easy to do now that we are bombarded by more secure logins. The next time you get a fraud prevention alert, be quadruple vigilant about how you respond to 2FA requests.

@…
"2FA Liberapay does not yet support two-factor authentication."
When!? 🤦
#LiberaPay #Privacy

Right, Google Authenticator is out. Aegis is the new owner of the 2FA service. Gradually removing services from Evil Corp.

Now that most services have implemented 2FA (multi-factor authentication) we are seeing a new breed of scams that exploit them and trick people into approving requests under the guise of fraud prevention, which is easy to do now that we are bombarded by more secure logins. The next time you get a fraud prevention alert, be quadruple vigilant about how you respond to 2FA requests.

看到 HackerNews 讨论频繁要求用户输入密码其实会降低安全。我深有此感。
工作用工具十几分钟就要重新认证，虽然公司不允许，但是我直接一个浏览器记住密码了。谁十几分钟给你输一次密码呀，闲的。
对于那些不到一个月就要重新登陆的网站，我也有减少访问的倾向，一想到要输入密码输入 2FA 就压力增大，干脆不去这网站了。Mastodon 就很好，基本不用担心登录频繁失效。

@… @… tl;dr: something that replaces login password 2FA credentials
http…