Apparently my failed attempt to set up #2FA for #GitHub was due to some browser extension. Although I've explicitly granted access to all domains temporaily in those extensions (adblocker, JS blocker etc.) it still hadn't worked. Only after I've completely disabled forecited extensions it finally worked.😪

Having said that: GitHubs #captcha's are ridiculous!

See here:
https://github.com/orgs/community/discussions/64625

1/2

Ars Technica: Gmail will lock important settings behind a pop-up 2FA challenge https://arstechnica.com/?p=1962854 #Tech #arstechnica #IT #Technology #two-factorauthentication #google #gmail #Tech #2fa

Today I fully #secured my accounts on #GitHub and #Codeberg!

I created a #PGPKey which I use on both services and two access #tokens, since I now have enabled #2FA on both.

This brought the need of a #password manager. I use #MXLinux's default on my #XFCE laptop and now I look for one to use on my #Fedora #Kinoite desktop, available on #Flathub.

Do you folks have any suggestions? Which one is the most secure?

Also, where else could I use my PGP key now?

#git #privacy #encryption

Nutzt ihr Authentication Apps und wenn ja, welche? #2FA

Referenced link: https://www.darkreading.com/application-security/pypi-2fa-requirements-dont-go-far-enough
Originally posted by Dark Reading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1665808588969844737#m

Securing the software supply chain will require more than #2FA, #cybersecurity experts tell @wirelesswench in reaction to new #PyPl user account rules https://www.darkreading.com/application-security/pypi-2fa-requirements-dont-go-far-enough

Google is going to delete your data forever, if you haven't logged into your account for two years.

Read more in my article on the Bitdefender blog:

https://www.bitdefender.com/blog/hotforsecurity/google-is-going-to-delete-your-data-forever-if-you-havent-logged-into-your-account-for-two-years/

#cybersecurity #google #accountrecovery #2fa

#Google leaking #2FA secrets – researchers advise against new “account sync” feature for now.

https://nakedsecurity.sophos.com/2023/04/26/google-leaking-2fa-secrets-researchers-advise-against-new-account-sync-feature-for-now/

I would suggest you to avoid using the Google Authenticator app at all. According to the #privacy report for the app, you are being tracked while using it (I.e. they declare to collect your position while using it even if it’s not useful to the app itself).

#privacyMatters

Google Authenticator Now Supports Backing Up #2FA Codes Using Google Account https://ino.to/cvQlxMy

Google Authenticator မှာ account syncing ပါလာတာကို ဘာလို့မျှော်နေကြတာလဲဆိုတာ နားမလည်နိုင်ဘူး။

Authenticator စသုံးတည်းက သူများကိုယ့် OTP ကုဒ်ကိုဖတ်မရအောင် locally သိမ်းချင်လို့ သုံးကြတာမဟုတ်ဘူးလား။ အဲ့ဒါကို ဘာလို့များ remotely ကိုယ့် OTP ကုတ်ကို သိသွားအောင်၊ မှတ်ထားလို့ရအောင် လုပ်ချင်နေကြတာလဲမသိဘူး။ 🧐

Remotely သိမ်းချင်မှတော့ အစတည်းက Authenticator မသုံးဘဲ SMS OTP ပဲသုံးလိုက်တော့ပေါ့ သိပ်မှမထူးတာကို 🥴

#GoogleAuthenticator #Authenticator
#AccountSyncing #SMSOTP #2FA

Referenced link: http://cs.co/6017ODyeR
Originally posted by Duo Security / @duosec@twitter.com: https://twitter.com/duosec/status/1641182635903840258#m

🏆 We're excited to share that Duo was named the best two-factor authentication app by The New York Times @wirecutter! See why Duo is recommended for its #security, reliability, and more!

#2FA #MFA #cybersecurity ✅ http://cs.co/6017ODyeR

Yo I can post to Mastodon over ssh this is so cool! I had to log in with my browser on Windows though, Lynx doesn't support #2FA.

Ars Technica: Still using authenticators for MFA? Software for sale can hack you anyway https://arstechnica.com/?p=1924036 #Tech #arstechnica #IT #Technology #multifactorauthentication #two-factorauthentication #accounttakeovers #phishing #Biz&IT #2fa #mfa

The best open-source 2FA apps for Linux & Android:
https://www.linuxtechmore.com/2023/03/the-best-open-source-2fa-apps-for-linux-and-android.html

#opensource #Linux #2FA

Ars Technica: The time has come: GitHub expands 2FA requirement rollout March 13 https://arstechnica.com/?p=1923288 #Tech #arstechnica #IT #Technology #softwaredevelopment #passwords #passkeys #security #GitHub #Tech #2fa

Big #CyberAttacks happening all over the place right now! Even a #fediverse instance was compromised! And a few #Mastodon instances were hit with #DDoS attacks, Fosstodon and mastodon.social being two.

Remember this: Your server is not safe from being compromised. Even that small instance with just a few friends, or that tiny server just for yourself. This could escalate and your server could be compromised too. However, here are some tips to keep your accounts safe:

- Enable Two-factor authentication on your account! You can use #TOTP for #2FA. If someone gets your password they’ll need to enter a code stored on your phone that randomly changes every few seconds.
- Create alt accounts. If your server goes down then you can still talk to followers on your alt on a different server. I have accounts on multiple Mastodon servers, as well as my own instance. Since this is the fediverse, people can still follow your other accounts and it is easy to move between servers.
- Do not reuse the same password. If someone gets your password, they will try it on your other accounts. Soon all the accounts that use the same password will all be breached. Use different passwords for each account instead, and change your passwords if your accounts get breached. Long complex passwords are encouraged.
- Keep your server secure. If you run a server, hackers will try to break into your server, steal your data, then turn it malicious. Some tips I suggest are changing your SSH port, installing fail2ban, using SSH keys and using a strong password. Do this for your server’s account, as well as your fediverse account.

If you are already following the tips above, then you are fine. But most are not, so I’m just letting people know in case they haven’t already done so.

Please boost this post to spread the word, and have a nice day.

#CyberSecurity #OPSec #InfoSec #CyberAttack

Top 3 Tech Daily News: 84 yo women holdout $1M home, Asking a lot of questions make you popular, Use 2FA for personal apps #holdout #millionaire #inquiry #popular #2FA #cybersecurity #nerds #geeks #entrepreneurs https://youtube.com/shorts/9E7lXWasRrs?feature=share

Current project: setting all my #2FA that can't use a security key to use #1Passwword as the authenticator app.

Ars Technica: Twitter’s two-factor authentication change “doesn’t make sense” https://arstechnica.com/?p=1918817 #Tech #arstechnica #IT #Technology #two-factorauthentication #Identitytheft #ElonMusk #security #Twitter #Biz&IT #2fa

As Twitter forces users to remove text message 2FA, it’s in danger of decreasing security

https://grahamcluley.com/as-twitter-forces-users-to-remove-text-message-2fa-its-in-danger-of-decreasing-security/

#cybersecurity #2fa #twitter

@nixCraft #SMS for #2FA is obselete. I prefer #TOTP for 2FA since it also relies on smartphones, and uses a 6-digit key just like SMS.