Search
Items tagged with: 2fa
Wenn man mal die Nummer wechseln muss, ist man bei 2-Faktor-Identifizierung übers Fon echt angeschissen.
#2FA
Tutoriales para poner un Segundo Factor de Autenticación en tus identidades digitales
Blog personal de Chema Alonso (CDO Telefónica, 0xWord, MyPublicInbox, Singularity Hackers) sobre seguridad, hacking, hackers y Cálico Electrónico.www.elladodelmal.com
ich wollte meine #2FA in #Friendica neu einrichten, da ich auf meinen Zweiten Faktor keinen Zugriff mehr habe.
Ich habe dazu in einem angemeldetem Browser die 2FA deaktiviert.
Wenn ich das nun aktiviere, erscheint nur diese Meldung uns sonst nichts.
Ich kann also das ganze wieder deaktivieren oder beenden.
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
TL;DR: Don't turn it on.
The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.
We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.
Why is this bad?
Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵
#Privacy #Cybersecurity #InfoSec #2FA #Google #Security
All these authenticator apps are free and offer in-app purchases. You install them to discover that you can't scan any QR code until you subscribe, $40/year with 3 days free trial. The apps are very similar, as if it was the same developer or "template" 🧐
#iOS #AppStore #2FA #Privacy #InfoSec
Aplicaciones libres para Android (III): Aegis Authenticator – noroute2host.com
https://noroute2host.com/aegis-authenticator.html
Aplicaciones libres para Android (III): Aegis Authenticator
Tercer capítulo de la serie Aplicaciones Libres para Android. Para este capítulo os acerco Aegis Authenticator, un gestor de tus tokens para los servicios con segundo factor de autenticación o 2FA.AdriMcGrady (noroute2host.com)
Chema Alonso en Mastodon
Blog personal de Chema Alonso (CDO Telefónica, 0xWord, MyPublicInbox, Singularity Hackers) sobre seguridad, hacking, hackers y Cálico Electrónico.www.elladodelmal.com
Aegis gestor de tokens libre
Bueno, este post algo diferente, ya que no suelo recomendaros apps de dispositivos móviles, pero en este caso, creo que Aegis es muy recomendable, ya que cada día tenemos más Tokens OTP que gestionar, en el trabajo, en lo personal, de los usuarios… …Héctor Herrero (Blog Bujarra.com)
#2FA #Surveillance #Anonymity #Anonymous #News #Mitto #privacy #HumanRights #SelfCensorship #Censorship #FreeSpeech
On #Peertube:
https://tube.tchncs.de/w/f7vRZo4BFPCTusfFTguLPk
News: SMS 2FA Provider Caught! Selling Identity Tracking + Location/Phone Records For Surveillance
Social Media 2FA SMS phone numbers + records + locations SOLD to surveillance companies! This can open you to spear phishing attacks and much more! Especially with things like the iPhone 0click iMessage vulnerability, known to be used by NSO Group.tchncs
#FCC #SIMswapping #Infosec #PortOutFraud #Cybersecurity #News #telecom #2FA
https://krebsonsecurity.com/2021/10/fcc-proposal-targets-sim-swapping-port-out-fraud/
FCC Proposal Targets SIM Swapping, Port-Out Fraud
The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target's mobile phone number and us…krebsonsecurity.com
-- unless further manipulation made available via Phone number. And in certain cases SMS can offer this (ie: pw change).
#2FA #Infosec #Cybersecurity #Security #FCC #password
https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/
Can We Stop Pretending SMS Is Secure Now?
SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of people (many of them low-paid mobile store employees) who can be tricked or bribed into swapping control over a…krebsonsecurity.com
Better Options Include:
*2nd e-mail
*Hardware Keys
*Authenticator Apps
*Push Based
#Security #2FA #Privacy #SocialMedia #Infosec #Cybersecurity #SMS
https://www.eff.org/deeplinks/2017/09/guide-common-types-two-factor-authentication-web
A Guide to Common Types of Two-Factor Authentication on the Web
Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it's becoming much more common across the web.Electronic Frontier Foundation
Carrying over #privacy concerns:
Certain companies w/history of sharing phone numbers provided for "security." #Infosec
https://www.cbsnews.com/news/facebook-said-to-use-peoples-phone-numbers-for-ad-targeting/
Facebook said to use people's phone numbers for ad targeting
The social-media service reportedly uses numbers provided for security measures to sell adsAimee Picchi (CBS News)
Authenticador: App para generar códigos de autenticación 2FA
Authenticador es un utilitario de software del proyecto GNOME Circle, utilizado para generar códigos de autenticación de doble factor (2FA).Jose Albert (Ubunlog)
