#2FactorAuthentication

2025-04-26

I love how the one website that uses a simple four digit #2FactorAuthentication code (which should be plenty for a time-boxed single-use password) is the investment bank asking me to confirm who I am before wiring tens of thousands of dollars. Meanwhile, I need to remember 6-8 digits to type into some random streaming platform that costs $10 a month.

Daniel Fisher (lennybacon) lennybacon@infosec.exchange
2025-01-28
2024-08-12

Here is How To Add 2FA in web apps using Laravel 11. This is an amazing tutorial, so you could just follow along to do that.

laramatic.com/step-by-step-gui

Technoholic.me technoholic
2024-04-20

Roku is enhancing security measures with new 2-factor authentication following two breaches affecting 600K accounts. us.technoholic.me/QdJ83ga

2024-02-16

What is your preferred method of ? 🔑📱

Tuta offers full support for & to keep your account secure! 🔒

👉 tuta.com/blog/posts/why-u2f-is

Michael Edwards MichaelLondonSF@mas.to
2023-12-20

Do banks and others realise that "Two factor authentication" no longer works now that text / SMS messages flash up on the screen of a computer, like this?
#bank #lloyds #scam #fraud #2FactorAuthentication

Screenshot of a dialog box asking for a passcode and the SMS containing the passcode coming up beside it from a mobile phone - notionally a separate device.
2023-06-21

My bank urges me to use their newest app, "cause it's more secure".

Can someone explain to me, how using an app and #2FactorAuthentication #twofactorauthentication on the same device (the phone) is more secure than using the app/website on a computer and 2FA on the phone?

Do I miss anything? :blobthinking:

(I also asked my bank :blobgrin: no answer so far...)

2023-06-20

I really don't want to go back to Authy but I will if I have to. #2fa #2FactorAuthentication #AppleWatch

2023-06-20

What are people using for a 2FA app these days on their iPhone/Apple Watch? I’m going to have to get rid of Okta Verify because they just discontinued their excellent Apple Watch app. #okta #2FactorAuthentication #2fa #AppleWatch #iPhone

Mysk🇨🇦🇩🇪 mysk@defcon.social
2023-06-20

🎬 So this scam #2FA app is using custom product pages of Apple Search Ads to trick users. It has different campaigns per search keywords. When searching for "Microsoft Authenticator", it shows screenshots highlighting "Microsoft", and when searching for "Google Authenticator", it highlights "Google". Watch the video 🤯

It's worth noting that custom product pages need to be approved by App Store Connect and Apple Search Ads.
This app steals 2FA secrets and its model is very suspicious as noted below.

Friendly reminder: Mastodon uses no algorithms for discovering posts. The only way to spread the word is by boosting posts. If you think this post is helpful, boost it to reach others. Thank you 🙏
#Privacy #Apple #iOS #cybersecuritytips #infosec #cybersecurity #security #2FactorAuthentication

Screenshot of Apple Search Ads page:

Manage Today tab ad creative

Understand Today tab ad guidelines

When you create a Today tab campaign in Apple Search Ads Advanced, your ad creative will be based on a custom product page you select. Your custom product page will need to be approved by App Store Connect before you create a Today tab campaign, and your ad creative will require approval by Apple Search Ads

Mysk🇨🇦🇩🇪 mysk@defcon.social
2023-06-19

The rogue 2FA app that steals scanned secrets is now ranked 18 on the German App Store for the productivity category. No wonder! The app disguises itself as a Microsoft app. It is the top hit when you search for "Microsoft Authenticator" and the developer has updated the screenshots in the ad card to highlight the word "Microsoft". Surprisingly, the product page of the app shows different screenshots with the word "Microsoft" removed.
The app now has 1.2K reviews, as opposed to 18 when we first addressed the app.

🙏 Boosting this post will help spread the word. Thank you!

#privacy #security #2FactorAuthentication #iOS #infosec

Screenshot of the App Store showing the search results for "Microsoft Authenticator". The top hit is an ad for the rogue app that steals secrets. The ad card is crafted to look as if it was an app developed by Microsoft. The screenshots include these titles:

Secure Your Microsoft Account
Authenticator App for Microsoft

Screenshot of the product page of the rogue app on the App Store. The app screenshots are different from the ones that appear in the ad. The screenshots say "Secure Your Online Accounts" instead of the deceitful title that appeared in the ad, "Secure Your Microsoft Account"

Screenshot taken about 4 months ago of the App Store showing the rogue app as the top search result when searching for "microsoft authenticator". The ad card doesn't highlight the word "Microsoft"

The rogue app is now ranked 18 in the productivity category of the German App Store

archon :rebelverified: archon@infosec.exchange
2023-06-11

Hello, World! This is my #introduction post. I'm me, you're you (at least I hope so), and I'm glad to be here with you.

I talk about politics, #infosec, bad jokes, memes, and the terrible things we're expected to just accept in the name of capitalism and making the rich richer. Black Lives Matter, trans rights are human rights, sex work is work. SWERFs, TERFs, Nazis, and their apologists need not apply.

I'm an infosec generalist, working on securing both back-end infra and client devices. #ZeroTrust, #2FactorAuthentication, #certificates (both TLS and SSH), are major focus areas for me.

I'm also a reasonable #software #developer (just don't ask me to pass a software engineering interview loop) and a pretty good #Linux and #OpenBSD sysadmin. I also know my way around #database systems, preferably #PostgreSQL or #MySQL.

I like to think I'm reasonably competent at what I do. My employer has agreed for over 15 years at this point, for whatever that's worth.

What would I say it is I do here? When I'm not guarding my stapler, I like to read fantasy novels and I play #GenshinImpact and #HonkaiStarRail. I'm also making my way through #TearsOfTheKingdom slowly. No multi-player games for me, not even tabletop anymore, but I might watch if you're streaming.

Evan Engel evanengel
2023-03-06

Why do so few banking apps support TOTP 2 factor authentication? I've found that banking apps either rely on SMS/email for a second factor, or they support TOTP but only through a one-off app that can't be used for other TOTPs. So annoying!

Anyone know of a bank that lets you use Google Authenticator/Aegis/Authy for a TOTP?

Mysk🇨🇦🇩🇪 mysk@defcon.social
2023-02-27

A very nice article about the phenomenon of scam authenticator apps

"In fact, an app that uploads your seeds to a server anywhere in the world is either so incompetent that you should stop using it immediately, or so untrustworthy that you should treat it as cybercriminal malware."

#Cybersecurity #Privacy #InfoSec #2FA #2FactorAuthentication

nakedsecurity.sophos.com/2023/
