Remember when Google Authenticator started syncing 2FA codes to the cloud? Companies are now getting hacked thanks to this "feature". An attacker gained access to a GSuite account via phishing and could then just use the 2FA codes that previously resided only on employees' phones.
#TechnicalWriting #Cybersecurity #MFA: "Technical writers simplify complex information so that anyone can understand it. The best tech writers partner with project, product, marketing, engineering, and customer support teams to create strategies and content that help customers and internal teams succeed. That's exactly what Tammy Rahn, content architect at Salesforce, did for the MFA initiative.
In her time at Salesforce, Rahn learned to connect internal silos. No matter the roles, teams, or organizational structures, she used content as a foundation to align stakeholders and drive tasks forward. From the start of the MFA program, she aligned teams around a centralized content strategy – including a blueprint for how to inspire and guide customers to adopt MFA.
Investing in quality technical writers can help your company break down silos. This ensures that employees across departments are able to understand the task — and how to explain the benefits to customers."
On GitHub I recently found a link to Tusky instead of Pachli... but cannot find it right now... did you fix that one? https://github.com/pachli/pachli-android
I have a TOTP app on my phone, rather than using TOTP in the password manager (feels a bit too much like a single factor), but then, wanting a reliable and encrypted place for backup codes, I have been putting those in the PWM... which is back to the same issue.
Before that I was just saving them in text files in my documents folder...
One tip for #MFA - if you use something like Google Authenticator, etc., for TOTP, also save your MFA codes to a secure backup, like a @keepassxc database you store locally on another device. This way if your phone gets lost/stolen/broken, you aren't locked out of all of your MFA accounts. There is nothing server side that can tell how many times you scan the QR code. You can register the same TOTP with Google Auth, Authy, and Keepassxc, and it should all work the same.
Thinking about what will happen with my #DigitalEstate when I eventually die. How will my loved ones access the accounts and documents and devices that I have taken care to protect with #MFA and #encryption and other #Security measures?
Furthermore: why FIDO2 does have some advantages compared to passkeys when #security is more important than convenience. Passkeys leak your private key to the #cloud provider.
Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema co-created with ETH Zurich.
Creepy dude: “I’m gonna hack you!”
Me: “Free #pentest ? Sounds good”
Creepy dude: I SAID IM GONNA #hack YOU! Be scared, female!
Me: This dude is gonna test my #systems for free. I was just gonna pay someone a chunk of change.
Me: noooooo dont!
Creepy guy: tries to get in my accounts, repeatedly fails bc I got a yubikey in my clit ring bc crazy person
Me: well… at least hardware authentication works.
#tusky sadly still lacks a usable feed "load more" function, because it jumps to the top instead of to the next toot after clicking the "load more" button.
Yesterday, during a "tech break" at my client's, I presented a few hardware solutions for multi-factor authentication (2FA/MFA/TOTP). I talked about YubiKey, SoloKeys, Titan keys. And also software solutions: Authenticator, FreeOTP, LastPass, etc.
As for applications that support this good security practice, I discovered https://www.dongleauth.com/
I got a text with an Amazon SMS code, which confused me as it came to the Samsung phone I use for content creation, which is on a new Mint Mobile number not tied to anything. I think the old owner of this number may be locked out of their Amazon. Ouch... this is why everything is app MFA minimum for me. Most of my accounts wouldn't be affected if SIM-jacked, as any that require SMS usually go over my VoIP, which is protected by a Yubikey. #infosec #cybersecurity #Mfa #2fa
These #yubikey nanos are really small. I was so afraid I would lose them that I had to buy a lanyard for them, even though I plan to keep one in my work computer. Thanks for the hookup @yubico #cybersecurity #InfoSec #FIDO #totp #mfa
Tip no. 7: Use strong and unique passwords for your accounts. "Strong" means the password is as long as possible (16 characters and up) and randomly generated. You should manage your logins/accounts with a password manager. For additional security: two- or multi-factor authentication (#2FA, #MFA), e.g. via TOTP, FIDO/U2F.
Google released first quantum-resilient FIDO2 key implementation (www.bleepingcomputer.com)
MFA status
I couldn't find support for enabling MFA in my profile anywhere. In the modern world, this is a must-have feature....