#multifactorauthentication

Marcus "MajorLinux" Summers majorlinux@toot.majorshouse.com
2025-05-20

I guess it's better late than never.

GOG add support for authenticator apps for two-factor authentication (2FA)

gamingonlinux.com/2025/05/gog-

#GOG #MultiFactorAuthentication #Security #InfoSec #Gaming

Kiara Taylor Kiara07
2025-05-16

In this episode, we explore the rising importance of Multi-Factor Authentication (MFA) in today’s cybersecurity landscape. Learn how MFA protects against phishing, credential theft, and brute-force attacks—and why relying on passwords alone is no longer enough.

castbox.fm/vi/792396697

2025-05-14

Is MFA authenticator anxiety a thing? Is there a name for it?

I always have enough time when I open the authenticator app and put in the code before it times out, but I still get nervous that I will run out of time before the new number appears.

Is there a name for that type of feeling?

#mfa #multifactorauthentication #infosec #multifactor

Ars Technica News arstechnica@c.im
2025-05-01

Phishing attacks that defeat MFA are easier than ever. So what are we to do? arstechni.ca/YwpE9 #multifactorauthentication #passwords #Security #phishing #webauthn #Biz&IT #mfa

2025-04-28

Smishing Attacks Rise: How to Spot and Stop SMS Phishing

SMS-based phishing attacks, known as smishing, are on the rise, targeting businesses with sophisticated social engineering tactics. These attacks often begin with urgent text messages containing disguised links, redirecting victims to fake login pages. Attackers exploit human emotions and create a false sense of security by using legitimate domains like Google as intermediaries. The process typically involves a deceptive SMS, followed by redirects to a phishing page impersonating trusted platforms like ServiceNow. Victims are then prompted to enter login credentials and fake multifactor authentication, potentially leading to unauthorized access and data breaches. The report emphasizes the importance of employee education and vigilance in recognizing and preventing these evolving threats.

Pulse ID: 680fac68ed0e03b794f6de39
Pulse Link: otx.alienvault.com/pulse/680fa
Pulse Author: AlienVault
Created: 2025-04-28 16:27:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DataBreach #Education #Google #ICS #InfoSec #MultiFactorAuthentication #OTX #OpenThreatExchange #Phishing #Rust #SMS #Smishing #SocialEngineering #bot #AlienVault

Sanjay Mohindroo smohindroo1@vivaldi.net
2025-04-26

Learn about zero-trust security, its advantages, and disadvantages, best practices, and approaches to implementation. Find out how to protect sensitive data and prevent unauthorized access with this methodology. Improve your network infrastructure and security policies using multi-factor authentication, access controls, encryption, network segmentation, behavioral analytics, and machine learning. #ZeroTrustSecurity #CyberSecurity #NetworkSecurity #DataProtection #MultiFactorAuthentication #Encryption #NetworkSegmentation #BehavioralAnalytics #MachineLearning #InformationSecurity #security #data #network #analytics #infrastructure medium.com/@sanjay.mohindroo66

2025-04-19

Microsoft Entra is turning up the security heat with AI-driven Smart Lockout and forced MFA. But can tighter protection coexist with a smooth user experience? Dive into the debate on balancing safety and convenience.

thedefendopsdiaries.com/naviga

#microsoftentra
#smartlockout
#multifactorauthentication
#cybersecurity
#identityprotection

2025-04-04

Cybercriminals have exploited simple password reuse to drain AUD 500K from Australian pension funds. Is your retirement savings secure? Read on to uncover the vulnerabilities.

thedefendopsdiaries.com/cyber-

#cybersecurity
#credentialstuffing
#australianpensionfunds
#cyberattacks
#multifactorauthentication

2025-03-25

I hear very often that the cloud is secure because Multi Factor Authentication (MFA) is enabled, so all accounts are secure.

What about the service accounts and the (break glass) global administrator account?

Or in Azure: do you have a conditional access policy that excludes accounts from MFA?

What about MFA phishing with evilginx?

=> Apply a defense-in-depth strategy also in cloud environments.

#DFIR #knowledgedrop #cloud #mfa #multifactorauthentication

Unlocking the Secrets to Unbreakable Passwords: Your Ultimate Guide to Online Security

791 words, 4 minutes read time.

In today’s digital age, safeguarding your online presence has never been more critical. With cyber threats lurking around every corner, ensuring your accounts are protected by strong, unique passwords is paramount. This comprehensive guide will walk you through the essentials of creating and maintaining robust passwords, helping you fortify your digital defenses.

Introduction

Imagine leaving your front door wide open, inviting anyone to walk in. That’s essentially what you’re doing when you use weak passwords online. Cybercriminals are constantly on the prowl, seeking easy targets. By bolstering your password strength, you can deter these malicious actors and keep your personal information safe.

The Anatomy of a Strong Password

A formidable password is your first line of defense against unauthorized access. But what makes a password strong? Let’s break it down:

  • Length Matters: Aim for passwords that are at least 12 characters long. The longer your password, the more combinations a hacker has to guess, making their task exponentially harder.
  • Complexity is Key: Incorporate a mix of uppercase and lowercase letters, numbers, and special symbols. This diversity adds layers of difficulty for anyone attempting to crack your code.
  • Unpredictability: Steer clear of common words, phrases, or easily guessable information like birthdays or pet names. Instead, opt for random combinations that don’t form recognizable patterns.

Crafting Your Fortress: Methods for Creating Strong Passwords

Creating a robust password doesn’t have to be a daunting task. Here are some effective strategies:

  • Passphrases: Combine unrelated words to form a phrase that’s easy for you to remember but tough for others to guess. For example, “SunflowerJazzMountainRiver” is both lengthy and complex.
  • Password Managers: These tools can generate and store complex passwords for you, ensuring each of your accounts has a unique key. Services like LastPass offer password generators that create strong passwords, reducing the burden on your memory.
  • Personal Algorithms: Develop a formula that only you know. For instance, take the first letters of a memorable sentence and mix in numbers and symbols. “I love to travel to 5 countries every year!” becomes “Ilt2t5c3y!”.

Avoiding Common Pitfalls

Even with the best intentions, it’s easy to fall into habits that compromise your security. Here are some mistakes to watch out for:

  • Password Reuse: Using the same password across multiple sites is a recipe for disaster. If one account is breached, all your accounts become vulnerable.
  • Simple Substitutions: Replacing ‘a’ with ‘@’ or ‘o’ with ‘0’ is no longer sufficient. Hackers are well-versed in these tricks and can easily bypass them.
  • Neglecting Updates: Regularly updating your passwords adds an extra layer of security. Aim to change them at least once every six months.

Enhancing Security with Additional Tools

Beyond strong passwords, consider these tools to bolster your online security:

  • Multi-Factor Authentication (MFA): This requires multiple forms of verification to access an account, making unauthorized access significantly more difficult.
  • Password Managers: As mentioned earlier, they not only generate strong passwords but also store them securely, so you don’t have to remember each one.
  • Regular Monitoring: Keep an eye on your accounts for any suspicious activity. Services like HaveIBeenPwned can alert you if your information has been compromised.

Maintaining Vigilance: Best Practices

Staying secure is an ongoing process. Here are some habits to adopt:

  • Educate Yourself: Stay informed about the latest security threats and updates. Knowledge is a powerful tool in protecting yourself.
  • Be Skeptical: Phishing attempts are common. Always verify the source before clicking on links or providing personal information.
  • Secure Your Devices: Ensure your devices have the latest security updates and use reputable antivirus software.

Conclusion

Protecting your online identity starts with strong, unique passwords. By implementing the strategies outlined in this guide, you can significantly reduce the risk of unauthorized access and keep your personal information safe. Remember, in the digital world, a robust password is your best defense.

For more insights on creating strong passwords, visit Microsoft’s guide on creating and using strong passwords.

Stay updated with the latest cybersecurity practices by following the Cybersecurity & Infrastructure Security Agency (CISA).

D. Bryan King

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

#avoidPasswordHacks #avoidWeakPasswords #bestPasswordPractices #bestSecurityPractices #bestWaysToSecurePasswords #createSecurePasswords #createStrongPasswords #cyberProtection #cybersecurityAwareness #cybersecurityForBeginners #CybersecurityTips #digitalIdentityProtection #digitalSecurity #encryptedPasswords #hackingPrevention #howToMakeAStrongPassword #howToSecureAccounts #identityTheftProtection #MFASecurity #multiFactorAuthentication #onlinePasswordProtection #onlinePrivacy #onlineSafety #OnlineSecurity #passwordBestPractices #passwordCrackingPrevention #passwordHackingPrevention #passwordManagement #passwordManagerBenefits #passwordManagerTools #passwordProtection #passwordSafety #passwordSafetyTips #PasswordSecurity #passwordSecurity2025 #passwordSecurityAwareness #passwordSecurityGuide #passwordSecurityTips #passwordSecurityTools #passwordStrengthChecker #passwordVault #personalDataProtection #preventHacking #preventIdentityTheft #preventPasswordLeaks #preventPhishingAttacks #protectPersonalData #safeOnlinePractices #safePasswordTips #secureLoginTips #secureOnlineAccounts #secureYourPasswords #stopHackers #strongPasswordGenerator #strongPasswordStrategies #strongPasswords #TwoFactorAuthentication

2025-02-27

A lot of banks in the Philippines still rely on SMS for #2FA, despite how insecure it is—easily spoofed, intercepted, and unreliable. Some use in-app confirmations via their mobile app, but if you lose access to your phone, you're probably locked out. Why not support standard authentication apps like #2FAS, #Aegis, #Bitwarden, #Vaultwarden, or #KeePassXC, which have TOTP support and easy backups? That way, I wouldn’t have to worry about losing access. #MFA #MultiFactorAuthentication #Security

2025-01-20

#multifactorauthentication #mfa #2fa #cybersecurity #TOTP #passkey #passkeys

I'm looking for things to use TOTP or passkeys with that I might not have thought of.
Let me know what you think!

Currently I'm using Keyguard (with bitwarden of course) for passwords, and Stratum/Authenticator Pro for TOTP with Google, Discord, Microsoft, and Wyze, but I'm wondering about anything else that's a no-brainer I could add MFA/keys to for secure login alternatives.

Thanks!

Winbuzzer winbuzzer
2024-12-20

The Cybersecurity and Infrastructure Security Agency has issued a warning against using SMS for multi-factor authentication due to interception risks.

winbuzzer.com/2024/12/20/cisa-

ティージェーグレェ teajaygrey@snac.bsd.cafe
2024-12-14

"GitHub noreply@github.com

Fri, Dec 13, 7:12 PM (12 hours ago)

to me

Hey [redacted]!

We're reaching out to let you know that, as announced last year, we have officially begun requiring users who contribute code on GitHub.com to have two-factor authentication (2FA) enabled.

Your account meets this criteria, and you will need to enroll in 2FA within 45 days, by January 27th, 2025 at 00:00 (UTC). After this date, your access to GitHub.com will be limited until you enroll in 2FA. Enrolling is easy, and we support several options, starting with TOTP apps and text messages (SMS) and then adding on passkeys and the GitHub Mobile app."

Fucking GitHub.

It's not 2FA.

2FA is two factors.

A username and a passphrase are already two factors!

Also see: Citadel BBSes, where they only asked for a passphrase (one factor authentication).

Well, unless SysOps turned on "paranoid mode" which then prompted for a username and a passphrase, thus: TWO factor authentication.

Whatever bull it.sh GitHub is on about again is MFA (Multi-Factor Authentication) but they're too fucking stupid to use the correct terminology and since they were bought by Micro$oft they're never going to get smarter, only dumber.

I remember dealing with something similar from them a year or two ago?

I enumerated, I think as many as six, possibly seven different authentication factors?

As it stands:

1. username
2. passphrase
3. often (but not always) when attempting to login from a different IP/browser/whathaveyou it will send a "Verification Code" to the associated email address (so at least three, but maybe 4 depending on how you count)
4. SSH keys. When I checkout/clone a repository/branch/fork and push changes, it prompts me for an SSH key.
5. My SSH keys are also passphrase protected.
6. Passkeys are an option (apparently, I feel as if since I am already using no fewer than 4-5 authentication factors, adding 6 is starting to get fucking idiotic).
7. TOTP options? (That requires like: an app or a physical dongle/token, and apps also require phones, so that's really more like 8)
8. SMS/text messages aka Phone numbers (which also require a phone and a subscription/service so maybe more like 9) Moreover, given that EVEN THE FBI is recommending people STOP USING TEXT MESSAGES? THIS HAS TO BE THE FUCKING STUPIDEST IDEA EVER!

What was wrong with just sending a verification code to an SMTP address during login attempts like you have already been doing for fucking years?

I hate GitHub.

If you don't hate GitHub, I think: maybe you aren't experienced enough to understand why anyone would hate them.

But great, now I have 45 days to jump through some more bull it.sh because GitHub is staffed by absolute morons apparently.

Or maybe GitHub has been replaced by an LLM which can't count above two? Maybe that would explain it and their absolutely atrocious demeaning of terminology when more accurate terminology has existed for an awfully long time already.

Of course, GitHub aren't the only morons to misuse the phrase 2FA when they should be using the phrase MFA; but I don't tend to encounter the other morons insisting I enable 2FA when I am already using at least 4 authentication factors in any given code modification with their shitty hosted proprietary DVCS.

#GitHub #2FA #MFA #MultiFactorAuthentication #GitHubCannotCount #SecurityTheater #Bullshit

Fabian ¯\_(ツ)_/¯ BafDyce@chaos.social
2024-10-06

The #MFA setup at #GitLab is pretty daft too. You can set up as many hardware tokens (YubiKeys and the like) as you want, but only one #TOTP authenticator. That wouldn't be a problem, but if you want to set up the TOTP authenticator again (e.g. because the smartphone it was on has died), you have to deactivate MFA completely (and with it remove *all* hardware tokens) and then register everything again from scratch..

Who came up with this nonsense?

#security #MultiFactorAuthentication
