this post was submitted on 20 Dec 2024
634 points (98.5% liked)

Technology

60115 readers
2576 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
634
Feds Warn SMS Authentication Is Unsafe After ‘Worst Hack in Our Nation’s History’ (gizmodo.com)
submitted 1 week ago by return2ozma@lemmy.world to c/technology@lemmy.world
163 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] randon31415@lemmy.world 34 points 6 days ago (1 children)

Authentication for my work email: Enter 28 character password, receive sms, enter message, log in

Authentication for my Battle.net account:

-Enter email made before 2000 because they don't let you change email

-Enter password

-Get rejected

-Solve CAPTCHA

-Try backup passwords, get rejected

-Request new password

-Send request to 24 year old email

-Try to log on to 24 year old email, email is suspicious and sends Authentication request to my newer email

-Open newer email, Authenticate older email

-open old email, Put in code to battle.net

-Battle.net requests Authenticator code from Battle.net app

-Open battle.net app (no requests)

-Try manual code, doesn't work

  • Realize Battle.net app Authenticator not connected

-Try to connect Battle.net app Authenticator to account

-Realize you cannot connect Authenticator without signing in AND signing in requires Authenticator

-Close Battle.net app

-Open Blizzard Authenticator

-Close warning that this app got depreciated in January

-Enter manual code

-it works

-Attempt to change password to password I first attempted

-Won't let me use same password

-Try logging in using that password

-Still doesn't work - Solve one more CAPTCHA

-Change password to backup password and back to original password - have to solve 2 more Captchas

-Finally works

-Log in

[–] lambda@programming.dev 1 points 5 days ago (1 children)

That just kept going. I feel you, but maybe try a password manager? You open it up, type blizzard and it tells you exactly what password you used. Even better, it can generate really good passwords for you.

I use bitwarden.

[–] WordBox@lemmy.world 1 points 3 days ago

It didn't accept the password that was set.

[–] finitebanjo@lemmy.world 25 points 6 days ago* (last edited 6 days ago) (2 children)

The end of an era.

Or actually, probably not until we redo whole cellular phone technology works and kick out all the bad actors using SS7 vulnerabilities for stuff like spoofing numbers and stealing messages. We really shouldn't be using a 45 year old system for almost all communications.

[–] Agent641@lemmy.world 7 points 6 days ago* (last edited 6 days ago) (2 children)

Use Telegram.

Not the app, the 200 year old wire radio messaging system based on Morse code, E2EE (Elderly man to Elderly man Enciphered)

load more comments (2 replies)
[–] 01189998819991197253@infosec.pub 3 points 5 days ago* (last edited 5 days ago)

In their defense, they JUST applied an update in March 1993, so they're knocking on the doors of cutting edge technology updates -_-

Edit: added link

[–] ChaoticEntropy@feddit.uk 10 points 6 days ago* (last edited 5 days ago) (1 children)

So many services still don't even offer 2FA at all. Any service that stores payment information and PII without any 2FA options, let alone a secure one, at this point are a disgrace.

[–] 01189998819991197253@infosec.pub 2 points 5 days ago

Banks, I'm looking at you

[–] DragonTypeWyvern@midwest.social 7 points 6 days ago (1 children)

Incoming forced 4-factor authentication

[–] Agent641@lemmy.world 10 points 6 days ago* (last edited 6 days ago)

Something you know, something you are, something you have, and something you saw in a dream once when you were a kid at summer camp during a feverish Dr Pepper-overdose-driven fitful sleep at age 12.

[–] Spacehooks@reddthat.com 2 points 6 days ago (2 children)

What are yall using as an alternative?

[–] trxxruraxvr@lemmy.world 3 points 5 days ago (1 children)

TOTP or Signal, depending on the use-case

[–] Spacehooks@reddthat.com 1 points 5 days ago (1 children)

Any examples on what could cause the preference?

[–] trxxruraxvr@lemmy.world 2 points 5 days ago (1 children)

Usually signal for communication, totp for 2fa. I've as of yet seen only one site that sends 2fa codes through signal.

[–] Spacehooks@reddthat.com 1 points 5 days ago

Oh interesting thanks

load more comments
view more: next ›