MastodonTech.de

EuropeMFA: Moldova condemns the actions of the GRU and welcomes British sanctions0 The authorities in Chisinau have declared that they fully support the United Kingdom’s decision to sanction three… <a href="https://flipboard.social/tags/Europe" class="mention hashtag" rel="nofollow noopener" target="_blank">#Europe</a> <a href="https://flipboard.social/tags/Moldova" class="mention hashtag" rel="nofollow noopener" target="_blank">#Moldova</a> <a href="https://flipboard.social/tags/cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberattack</a> <a href="https://flipboard.social/tags/GRU" class="mention hashtag" rel="nofollow noopener" target="_blank">#GRU</a> <a href="https://flipboard.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://flipboard.social/tags/sanctions" class="mention hashtag" rel="nofollow noopener" target="_blank">#sanctions</a> <a href="https://flipboard.social/tags/TheRussianFederation" class="mention hashtag" rel="nofollow noopener" target="_blank">#TheRussianFederation</a> <a href="https://flipboard.social/tags/TheUnitedKingdom" class="mention hashtag" rel="nofollow noopener" target="_blank">#TheUnitedKingdom</a> <a href="https://www.europesays.com/2257805/" rel="nofollow noopener" translate="no" target="_blank">https://www.europesays.com/2257805/</a>

EuropeThe new acting U.S. Chargé d’Affaires begins his mandate in Moldova0 The new acting Chargé d’Affaires of the United States of America, Kevin Covert, has begun his mandate… <a href="https://flipboard.social/tags/Europe" class="mention hashtag" rel="nofollow noopener" target="_blank">#Europe</a> <a href="https://flipboard.social/tags/Moldova" class="mention hashtag" rel="nofollow noopener" target="_blank">#Moldova</a> <a href="https://flipboard.social/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#EU</a> <a href="https://flipboard.social/tags/KevinCovert" class="mention hashtag" rel="nofollow noopener" target="_blank">#KevinCovert</a> <a href="https://flipboard.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://flipboard.social/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#USA</a> <a href="https://www.europesays.com/2254479/" rel="nofollow noopener" translate="no" target="_blank">https://www.europesays.com/2254479/</a>

BenjaminAfter several weeks of allowing a lot of _endusers_ to use Windows Hello for authentication, I can NOT suggest it any more. People regularly get new laptops and then call the Helpdesk because "it doesn't work anymore" and they can not log in.<a href="https://toot.berlin/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://toot.berlin/tags/WindowsHello" class="mention hashtag" rel="nofollow noopener" target="_blank">#WindowsHello</a>

Bytes EuropeThe place of the Republic of Moldova is in the European Union, the foreign minister of Belgium <a href="https://www.byteseu.com/1200057/" rel="nofollow noopener" translate="no" target="_blank">https://www.byteseu.com/1200057/</a> <a href="https://pubeurope.com/tags/Belgium" class="mention hashtag" rel="nofollow noopener" target="_blank">#Belgium</a> <a href="https://pubeurope.com/tags/eu" class="mention hashtag" rel="nofollow noopener" target="_blank">#eu</a> <a href="https://pubeurope.com/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a>

Jonathan Kamens 86 47On <a href="https://federate.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#HackerOne</a>'s rollout of mandatory 2FA: ➕ They'll soon require 2FA. ➖ They should've done it long ago. ➕ They don't allow SMS or email as primary 2FA. ➖ They allow SMS for 2FA "recovery," making that the weakest link and canceling out the choice not to allow it as primary. ➕ They require you to generate recovery codes. ➕ They make you enter both a recovery code and a TOTP code to prove you saved everything. ➖ They still don't support WebAuthn. Very much not OK! <a href="https://federate.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://federate.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://federate.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a>

ccinfo.nlArtikel Cybercrimeinfo: <a href="https://www.ccinfo.nl/menu-hulpmiddelen-kwetsbaarheden/tips/2605387_vraag-van-de-week-hoe-veilig-is-jouw-wachtwoord-in-2025-bescherm-je-accounts-tegen-de-nieuwste-cyberdreigingen" rel="nofollow noopener" translate="no" target="_blank">https://www.ccinfo.nl/menu-hulpmiddelen-kwetsbaarheden/tips/2605387_vraag-van-de-week-hoe-veilig-is-jouw-wachtwoord-in-2025-bescherm-je-accounts-tegen-de-nieuwste-cyberdreigingen</a>Podcast Spotify: <a href="https://open.spotify.com/episode/5utqneIyaHxgBSLMDiaiO8?si=580022c850aa4682" rel="nofollow noopener" translate="no" target="_blank">https://open.spotify.com/episode/5utqneIyaHxgBSLMDiaiO8?si=580022c850aa4682</a>Podcast Youtube: <a href="https://youtu.be/BWPzZsdfzgs?si=CLHaqzQCmTak5M7A" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/BWPzZsdfzgs?si=CLHaqzQCmTak5M7A</a><a href="https://mastodon.social/tags/cyberdreigingen" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberdreigingen</a> <a href="https://mastodon.social/tags/wachtwoordbeveiliging" class="mention hashtag" rel="nofollow noopener" target="_blank">#wachtwoordbeveiliging</a> <a href="https://mastodon.social/tags/digitaleveiligheid" class="mention hashtag" rel="nofollow noopener" target="_blank">#digitaleveiligheid</a> <a href="https://mastodon.social/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybercrime</a> <a href="https://mastodon.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a>

Scott WilsonMy local <a href="https://infosec.exchange/tags/school" class="mention hashtag" rel="nofollow noopener" target="_blank">#school</a> system, affected by the <a href="https://infosec.exchange/tags/PowerSchoolBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#PowerSchoolBreach</a> is migrating to a new platform called Infinite Campus.How, in the Year of Our Lord 2025, does this system not support ANY KIND of multi-factor authentication???But don't worry, according to their website, they absolutely take my security and privacy seriously...<a href="https://www.infinitecampus.com/security" rel="nofollow noopener" translate="no" target="_blank">https://www.infinitecampus.com/security</a><a href="https://infosec.exchange/tags/mfa" class="mention hashtag" rel="nofollow noopener" target="_blank">#mfa</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Wintermute_BBS<a href="https://oldbytes.space/@rc2014" class="u-url mention" rel="nofollow noopener" target="_blank">@rc2014</a> <a href="https://oldbytes.space/@electron_greg" class="u-url mention" rel="nofollow noopener" target="_blank">@electron_greg</a> back in school we had a special, modular custom-bus based <a href="https://oldbytes.space/tags/intel8085" class="mention hashtag" rel="nofollow noopener" target="_blank">#intel8085</a> system to teach us about computers and programming.It also had a switch panel and I fondly remember looking up opcodes in a photocopied table so that I knew which value to "toggle" next on the switches before writing it to a memory address. Hands on computing, the real way.It was called <a href="https://oldbytes.space/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> (microcomputer für ausbildung - microcomputer for training) and it also ran CP/M and featured a <a href="https://oldbytes.space/tags/Siemens" class="mention hashtag" rel="nofollow noopener" target="_blank">#Siemens</a> <a href="https://oldbytes.space/tags/SPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#SPS</a> module (god, I hate SPS). It was this system I learned <a href="https://oldbytes.space/tags/intel8085" class="mention hashtag" rel="nofollow noopener" target="_blank">#intel8085</a> <a href="https://oldbytes.space/tags/assembler" class="mention hashtag" rel="nofollow noopener" target="_blank">#assembler</a> on.P.S.: I guess this baby and the fond memory I have of it made me fall in love with <a href="https://oldbytes.space/tags/rc2014" class="mention hashtag" rel="nofollow noopener" target="_blank">#rc2014</a> decades later ...

hackmacDas OLG Dresden stellt klar, dass das S‑pushTAN‑Verfahren keine starke Kundenauthentifizierung bietet, wenn bereits beim Login sensible Daten verfügbar sind. Die Bank haftet mit, auch wenn der Kunde grob fahrlässig handelte. Ein Login nur mit Benutzername und PIN reicht offensichtlich nicht aus, sobald mehr als der Kontostand angezeigt wird. <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/OnlineBanking" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnlineBanking</a> <a href="https://mastodon.social/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITSecurity</a> <a href="https://mastodon.social/tags/pushTAN" class="mention hashtag" rel="nofollow noopener" target="_blank">#pushTAN</a> <a href="https://mastodon.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://mastodon.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://mastodon.social/tags/Banking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Banking</a> <a href="https://mastodon.social/tags/Sparkasse" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sparkasse</a><a href="https://www.heise.de/news/OLG-Urteil-S-pushTAN-Verfahren-reicht-nicht-fuer-starke-Kundenauthentifizierung-10477522.html" rel="nofollow noopener" translate="no" target="_blank">https://www.heise.de/news/OLG-Urteil-S-pushTAN-Verfahren-reicht-nicht-fuer-starke-Kundenauthentifizierung-10477522.html</a>

hackmacHacker schlagen im Herzen der russischen Drohnenentwicklung zu! Ein gezielter Cyberangriff auf STC in Sankt Petersburg, einen zentralen Zulieferer für Russlands militärische DJI-Drohnen. Der Vorwurf: STC unterstützt aktiv den russischen Krieg in der Ukraine mit manipulierten DJI-Drohnen. Die Ironie: Eine Organisation, die Kriegsdrohnen "härtet", war intern selbst alles andere als gehärtet. <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mastodon.social/tags/Cyberwar" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberwar</a> <a href="https://mastodon.social/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialEngineering</a> <a href="https://mastodon.social/tags/Ukraine" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ukraine</a> <a href="https://mastodon.social/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> <a href="https://mastodon.social/tags/Drohne" class="mention hashtag" rel="nofollow noopener" target="_blank">#Drohne</a> <a href="https://mastodon.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://mastodon.social/tags/Hackerangriff" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hackerangriff</a> <a href="https://mastodon.social/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercrime</a>

RedhotcyberIo non ho mai usato l'antivirus... lo sapete perché? Perché il mio sistema operativo è superiore! È... ehm... oddio, aspetta che si è bloccato tutto mentre aprivo il SUDO.<a href="https://mastodon.bida.im/tags/redhotcyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#redhotcyber</a> <a href="https://mastodon.bida.im/tags/meme4cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#meme4cyber</a> <a href="https://mastodon.bida.im/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.bida.im/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://mastodon.bida.im/tags/hacker" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacker</a> <a href="https://mastodon.bida.im/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.bida.im/tags/infosecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosecurity</a> <a href="https://mastodon.bida.im/tags/quotes" class="mention hashtag" rel="nofollow noopener" target="_blank">#quotes</a> <a href="https://mastodon.bida.im/tags/meme" class="mention hashtag" rel="nofollow noopener" target="_blank">#meme</a> <a href="https://mastodon.bida.im/tags/comica" class="mention hashtag" rel="nofollow noopener" target="_blank">#comica</a> <a href="https://mastodon.bida.im/tags/vignette" class="mention hashtag" rel="nofollow noopener" target="_blank">#vignette</a> <a href="https://mastodon.bida.im/tags/citazioni" class="mention hashtag" rel="nofollow noopener" target="_blank">#citazioni</a> <a href="https://mastodon.bida.im/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersec</a> <a href="https://mastodon.bida.im/tags/sicurezzainformatica" class="mention hashtag" rel="nofollow noopener" target="_blank">#sicurezzainformatica</a> <a href="https://mastodon.bida.im/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://mastodon.bida.im/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybercrime</a> <a href="https://mastodon.bida.im/tags/awareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#awareness</a> <a href="https://mastodon.bida.im/tags/meme" class="mention hashtag" rel="nofollow noopener" target="_blank">#meme</a> <a href="https://mastodon.bida.im/tags/memetime" class="mention hashtag" rel="nofollow noopener" target="_blank">#memetime</a> <a href="https://mastodon.bida.im/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.bida.im/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://mastodon.bida.im/tags/MultifactorAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#MultifactorAuthentication</a> <a href="https://mastodon.bida.im/tags/DigitalSafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalSafety</a> <a href="https://mastodon.bida.im/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://mastodon.bida.im/tags/ITHumor" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITHumor</a> <a href="https://mastodon.bida.im/tags/BetterSafeThanSorry" class="mention hashtag" rel="nofollow noopener" target="_blank">#BetterSafeThanSorry</a> <a href="https://mastodon.bida.im/tags/PasswordAddio" class="mention hashtag" rel="nofollow noopener" target="_blank">#PasswordAddio</a> <a href="https://mastodon.bida.im/tags/AwarenessWithASmile" class="mention hashtag" rel="nofollow noopener" target="_blank">#AwarenessWithASmile</a>

EuropeMoldova expands its presence in Switzerland by opening an honorary consulate in Zurich0 The Honorary Consulate of the Republic of Moldova in Zurich, Switzerland, was inaugurated in the presence of… <a href="https://flipboard.social/tags/Europe" class="mention hashtag" rel="nofollow noopener" target="_blank">#Europe</a> <a href="https://flipboard.social/tags/Moldova" class="mention hashtag" rel="nofollow noopener" target="_blank">#Moldova</a> <a href="https://flipboard.social/tags/HonoraryConsulate" class="mention hashtag" rel="nofollow noopener" target="_blank">#HonoraryConsulate</a> <a href="https://flipboard.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://flipboard.social/tags/switzerland" class="mention hashtag" rel="nofollow noopener" target="_blank">#switzerland</a> <a href="https://flipboard.social/tags/Zurich" class="mention hashtag" rel="nofollow noopener" target="_blank">#Zurich</a> <a href="https://www.europesays.com/2220582/" rel="nofollow noopener" translate="no" target="_blank">https://www.europesays.com/2220582/</a>

Em :official_verified:What is your favorite app for Multifactor Authentication, and why do you like it most? 2️⃣✌️👀<a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://infosec.exchange/tags/Authenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authenticator</a>

Florian HaasWhat are your thoughts on Aegis Authenticator?<a href="https://github.com/beemdevelopment/aegis" rel="nofollow noopener" translate="no" target="_blank">https://github.com/beemdevelopment/aegis</a><a href="https://mastodon.social/tags/AskFedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#AskFedi</a> <a href="https://mastodon.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TOTP</a> <a href="https://mastodon.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://mastodon.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a>

Bytes EuropeThe meeting of the Moldovan-Kazakh Economic Cooperation Commission, anticipated for this year <a href="https://www.byteseu.com/1159872/" rel="nofollow noopener" translate="no" target="_blank">https://www.byteseu.com/1159872/</a> <a href="https://pubeurope.com/tags/Diplomacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Diplomacy</a> <a href="https://pubeurope.com/tags/economy" class="mention hashtag" rel="nofollow noopener" target="_blank">#economy</a> <a href="https://pubeurope.com/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://pubeurope.com/tags/Moldova" class="mention hashtag" rel="nofollow noopener" target="_blank">#Moldova</a> <a href="https://pubeurope.com/tags/TheMoldoKazakhJointCommission" class="mention hashtag" rel="nofollow noopener" target="_blank">#TheMoldoKazakhJointCommission</a>

Bytes EuropeClaims of law enforcement using force against Russian citizens are baseless: Azerbaijani MFA <a href="https://www.byteseu.com/1158236/" rel="nofollow noopener" translate="no" target="_blank">https://www.byteseu.com/1158236/</a> <a href="https://pubeurope.com/tags/Azerbaijan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Azerbaijan</a> <a href="https://pubeurope.com/tags/LawEnforcement" class="mention hashtag" rel="nofollow noopener" target="_blank">#LawEnforcement</a> <a href="https://pubeurope.com/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://pubeurope.com/tags/RepublicOfAzerbaijan" class="mention hashtag" rel="nofollow noopener" target="_blank">#RepublicOfAzerbaijan</a> <a href="https://pubeurope.com/tags/RussianCitizens" class="mention hashtag" rel="nofollow noopener" target="_blank">#RussianCitizens</a>

Abimelech B. 🐧🇩🇪| wörk ™️<a href="https://fulda.social/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#microsoft</a> versendet jetzt <a href="https://fulda.social/tags/mfa" class="mention hashtag" rel="nofollow noopener" target="_blank">#mfa</a> <a href="https://fulda.social/tags/sms" class="mention hashtag" rel="nofollow noopener" target="_blank">#sms</a> als fallback per <a href="https://fulda.social/tags/whatsapp" class="mention hashtag" rel="nofollow noopener" target="_blank">#whatsapp</a> ! 🤬

Erik van Straten<a href="https://infosec.exchange/@tychotithonus" class="u-url mention" rel="nofollow noopener" target="_blank">@tychotithonus</a> : thank you for responding. I'm not trying to be aggressive but to make the internet safer.In your original toot, you wrote: "It's comforting to know that I'm significantly protected from these attempts" while showing phishing messages.From <a href="https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa/" rel="nofollow noopener" translate="no" target="_blank">https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa/</a> (a year ago): "In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication (MFA) were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024".From my own research I know that the number of phishing-sites is exploding. PhaaS makes it easy to take over accounts where weak MFA is used.The more people use weak MFA, the more of these sort of attacks we'll be seeing. IOW, the security of weak MFA (TOTP, SMS, number matching) will decrease over time (it does since Alex Weinert wrote this in 2019: <a href="https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124" rel="nofollow noopener" translate="no" target="_blank">https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124</a>).Furthermore, from the page referenced by you, <a href="https://meta.wikimedia.org/wiki/Steward_requests/Global_permissions#Requests_for_2_Factor_Auth_tester_permissions" rel="nofollow noopener" translate="no" target="_blank">https://meta.wikimedia.org/wiki/Steward_requests/Global_permissions#Requests_for_2_Factor_Auth_tester_permissions</a>: "Testing this service may result in the loss of your access and is not recommended for inexperienced users."TOTP effectively means a unique strong (server supplied) password per account that people can impossibly remember. A TOTP app simply is a disguised password manager.There have been lots of incidents where people lost access to multiple MFA-proteced accounts because they lost access to the shared secrets on their phones. Nobody tells people to make sure that backups are made of such secrets, let alone in a secure and privacy-respecting manner.Note: a lot of TOTP apps had serious security issues a couple of years ago, as documented by Conor Gilsenan et al. in <a href="https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan" rel="nofollow noopener" translate="no" target="_blank">https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan</a> (source: <a href="https://infosec.exchange/@conorgil/109542074585730853" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@conorgil/109542074585730853</a>). I doubt that things have significantly improved (Authy was really bad, and at the time, Google's app blocked backups of the shared secrets).Here's an, IMO, way better advice: use a password manager that checks the domain name. Use it to generate long random passwords, and make sure that it's (encrypted) database is backed up after every change you make.I wrote about the caveats of password managers in, for example, <a href="https://infosec.exchange/@ErikvanStraten/113022180851761038" rel="nofollow noopener" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113022180851761038</a>.Recommending people to use TOTP because they use weak passwords is a bad idea IMO: you effectively make them use a password manager (which a TOTP app is, while it does not check domain names) instead of solving the primary problem: weak passwords.<a href="https://infosec.exchange/@conorgil" class="u-url mention" rel="nofollow noopener" target="_blank">@conorgil</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TOTP</a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#WeakMFA</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#Weak2FA</a> <a href="https://infosec.exchange/tags/ATO" class="mention hashtag" rel="nofollow noopener" target="_blank">#ATO</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/Evilginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#Evilginx</a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhaaS</a>

Erik van Straten<a href="https://infosec.exchange/@tychotithonus" class="u-url mention" rel="nofollow noopener" target="_blank">@tychotithonus</a> : can you explain which protection(s) are provided by weak MFA? <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TOTP</a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#WeakMFA</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#Weak2FA</a> <a href="https://infosec.exchange/tags/ATO" class="mention hashtag" rel="nofollow noopener" target="_blank">#ATO</a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#AitM</a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#MitM</a> <a href="https://infosec.exchange/tags/Evilginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#Evilginx</a>

Strelitzer™<a href="https://troet.cafe/@charlybrown" class="u-url mention" rel="nofollow noopener" target="_blank">@charlybrown</a> Das nutzt nichts. Die <a href="https://norden.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> trägt den Termin bei <a href="https://norden.social/tags/doctolib" class="mention hashtag" rel="nofollow noopener" target="_blank">#doctolib</a>, <a href="https://norden.social/tags/jameda" class="mention hashtag" rel="nofollow noopener" target="_blank">#jameda</a> u. a. digitalen Mitessern ein und das war’s dann für dich. <a href="https://norden.social/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMS</a> kommt zum Termin auch noch, wenn du Pech hast. Und das alles ohne deine Einwilligung und <a href="https://norden.social/tags/Datenschutzerkl%C3%A4rung" class="mention hashtag" rel="nofollow noopener" target="_blank">#Datenschutzerklärung</a>. <a href="https://social.tchncs.de/@kuketzblog" class="u-url mention" rel="nofollow noopener" target="_blank">@kuketzblog</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#mfa