Thursday, September 14


Daily News Stuff 14 September 2023

2FA Or Not 2FA Edition

Top Story

  • When MFA ain't. (Retool)

    MFA - multi-factor authentication - is when you need something you know (a password) plus something you have (a hardware authentication device) to log in to a critical piece of infrastructure.

    But hardware authentication devices are inconvenient, so we have authentication apps that run on our phones.

    And losing your authentication codes is inconvenient, so these apps sync to the cloud.

    And the cloud is where your email probably is, and where password reset requests go.

    Meaning that if you use the same cloud for your password resets and your authentication syncing, you don't have MFA anymore. Indeed, you have Sweet FA if someone gets into your email account.

    Good writeup by Retool in how they were hacked - and why their non-cloud customers weren't affected at all.

Tech News

Disclaimer: Or is it?

Posted by: Pixy Misa at 06:07 PM | Comments (3) | Add Comment | Trackbacks (Suck)
Post contains 407 words, total size 3 kb.

1 The guy who wrote that Tom Shardware article is the same one who wrote "Just buy an RTX 2000 card, they're actually totally worth it" in 2018.

Posted by: Rick C at Friday, September 15 2023 12:08 AM (BMUHC)

2 Yanno, it's not really the user's fault when black hats get their passwords. since by far the largest source of hacked passwords on the market are cracked servers that expose everyone's user accounts.

I keep mine backed up on a Rolodex. The more critical ones are just a memory trigger rather than the code.

Posted by: Mauser at Friday, September 15 2023 09:31 AM (BzEjn)

3 BTW, edit buttons fails, takes me back to the root page.

Posted by: Mauser at Friday, September 15 2023 09:32 AM (BzEjn)

Hide Comments | Add Comment

Apple pies are delicious. But never mind apple pies. What colour is a green orange?

51kb generated in CPU 0.0132, elapsed 0.0984 seconds.
58 queries taking 0.0884 seconds, 345 records returned.
Powered by Minx 1.1.6c-pink.