mysk, to infosec

Two months after we raised the alarm about fake authenticator apps, rogue apps continue to dominate top search results on both the App Store and Google Play, including the app sending #2FA seeds remotely, a recent podcast by @nakedsecurity reveals.
#InfoSec #Cybersecurity #Privacy #Security

https://nakedsecurity.sophos.com/2023/04/20/s3-ep131-can-you-really-have-fun-with-fortran/

Uwu, to fediverse

First Impressions from #Calckey:
Very good!
Import of List and follows works great
Interface is interesting - a little bit too much "Information"
a lot of settings (that's good!)
2FA and HardwareKey function!
DarkMode and themes and much more.
Post Preview
extra place for Hashtags

And I love the "clock" I attached a picture of it:
AltText: Loading Bar Style with 3 Bars (Today 50,3%, Month 71,7%, Year 30,5%)
Fediverse

I miss only two things atm. Maybe I did not find it?

Uwu,

Built-in #rss, you find it under widgets!

Edit only works with Edit and delete? Or am I missing something?

I can use the Mona App on iOS TestFlight to log in to mastodon and calckey accounts at the same time. Easy switching!
#Fediverse #2FA #HardwareKey #DarkMode #themes #calckey #rssfeed #mona #mastodon #fediapps

mysk, to infosec

Our team appeared on NBTV and shared more insights into the data that popular authenticator apps collect about you.

Naomi Brockwell gave nice advice about how to choose your 2FA app.
Don't miss that👇


https://youtu.be/JHIAIzOPz3I

zak, to random

Provided everything goes according to plan on the 1Password side of things, I think I may be one of the people that entirely skips physical security keys for and moves right to passkeys, likely with no 2FA required at all.

Edent, to random

Why is there no formal specification for otpauth URLs?

Yes yes, Cunningham's law etc etc!

I want to play around with 2FA codes. So, I started looking for the specification. Turns out, there isn't one. Not really.

IANA has a provisional registration - but no spec.

It links to an archived Google Wiki which, as we'll come on to, isn't sufficient.

There's some doc

https://shkspr.mobi/blog/2022/05/why-is-there-no-formal-specification-for-otpauth-urls/

#/etc/

Edent, to security

What's the risk from fake Yubikeys?

I found this on a security-related Slack (shared with permission).

It launched an entertaining discussion about the risks of taking a potentially fake FIDO token.

We all know the risks of taking a free USB drive and shoving it in our computer, right?

https://shkspr.mobi/blog/2022/03/whats-the-risk-from-fake-yubikeys/

#/etc/ #2fa #security #yubikey

Edent, to security

That’s not how 2FA works

Another day, another high-profile website cloned to phish credentials.

https://twitter.com/_tessr/status/1350475941026390021

In the replies, you’ll see lots of techbros saying “this is why you should switch on 2FA people!!!”

Except, and I hate to bring accuracy to a technical discussion, that’s not how 2FA works!

A second factor allows a site to bette

https://shkspr.mobi/blog/2021/01/thats-not-how-2fa-works/

#/etc/

Edent, to security