this post was submitted on 16 Sep 2023
8 points (100.0% liked)

Security

633 readers
5 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
LinearArray@programming.dev
8
When MFA isn't actually MFA (retool.com)
submitted 1 year ago by TheCee@programming.dev to c/security@programming.dev
2 comments fedilink hide all child comments
top 2 comments
sorted by: hot top controversial new old
[–] wyrmroot@programming.dev 6 points 1 year ago

Google recently released the Google Authenticator synchronization feature that syncs MFA codes to the cloud … if your Google account is compromised, so now are your MFA codes.

Wow, what an awful idea. Reduces the authenticator app right back to the “my email is my second factor for everything” level of security.

[–] Nefrace@programming.dev 2 points 1 year ago

Just... why? Didn't we already learned that cloud based password managers are stupid? That's why I'm using my own instance of Vaultwarden on my own home server