Got a brand new Yubikey. My previous Neo model will now be the backup. I've finally got two keys, after 5 years 😄 that should be safer in case I lose the main one. I've started registering it as a security key wherever I used to have the Neo.
Turns out my Neo was previously registered as a security key at Google, but I deleted it and it won't accept it back, it tells me to try another model 😕. Also, could not add two security keys to Paypal, it only accepts one.
#webauthn #twofactor #yubikey

https://www.schneier.com/blog/archives/2005/02/the_curse_of_th.html

This was written nearly 20 years ago… yet today… I see examples of this "wish it were two factor" all over the place.

One being the leave booking system my workplace now uses (Oracle NetSuite).

You want to do two-factor, fine, let's do it *properly*. FIDO2 WebAuthN.

Want to pretend? Don't bother! (And people why I want to leave the IT sector?)

#InfoSec #TwoFactor #rant

#TwoFactor #Authentication Apps: Mistakes To #Malware
https://hackaday.com/2023/05/17/two-factor-authentication-apps-mistakes-to-malware/

The Verge: #Google #Authenticator finally, mercifully adds account syncing for #TwoFactor codes #2fa https://www.theverge.com/2023/4/24/23696058/google-authenticator-app-account-syncing-multiple-devices

Call me paranoid, but I still don’t think you should store #twofactor codes in your password manager. You’re putting all your eggs in one basket. Maybe it’s a good basket, but stilll.

Barn door slamming....#GitHub will start requiring active developers to enable #TwoFactor #authentication #2F on their accounts beginning next week, on March 13. Once expanded to the company's entire user base, the 2FA enrollment requirement will help #secure the accounts of more than 100 million users. https://www.bleepingcomputer.com/news/security/github-makes-2fa-mandatory-next-week-for-active-developers/

Okay infosec.exchange, I'm sticking around. I finally went over to >Edit Profile >Account >Two-Factor Auth and pointed Authy at it, and saved my backup codes in a KeePass database which is backed up on my Google Drive. I use Chrome to save my "casual web" passwords, and everything else goes in that KeePass manager.

I want to move away from Chrome (back to Firefox), but I need that sweet sweet autofill. I also every day carry a #YubiKey. Top online password manager suggestions for me? Roll my own? Polite suggestions if I'm doing something terribad pls.

#2FA #keepass #authy #chrome #passwordmanager #twofactor

I can now use a Yubi Key to lock my iPhone down even more

Apple announces physical Security Key support for Apple ID two-factor, new iMessage verification technology https://9to5mac.com/2022/12/07/apple-security-key-apple-id-imessage-verification/

#Apple #SecurityKey #AppleID #TwoFactor #iMessages

Why do users hate #2FA so much. Like it's the biggest inconvenience in the world to enter a 6-digit code from the Authenticator App... Feck me!

#Security #twofactor #ms365

Oh! 2FA works with Duo. I set mine up last night. #security #twofactor #2fa

setup #twofactor on your #mastodon logins

please, please do not re-use your #passwords!

i saw a rumour that your #mastodon admins can get access to your password.

it is true!

this is also true for *all other websites*!

the only way to mitigate this is to generate a new password for every site (or use an open-id-connect provider you yourself own, which nobody does)

and, remember to activate #twofactor!

I wrote this a while back, aimed principally at LGBT+ people, but it's relevant to everyone:

How to secure your online accounts; essentially a clear guide to setting up two factor auth, and why you should do it.

Maybe I should add a section on how to add 2fa for Mastodon, too.

Meanwhile, you can download from https://bluf.com/files/SecuringAccounts.pdf

#2fa #security #lgbtq #twofactor

Einmal-Passwörter korrekt exportieren (Secret auslesen)
http://feedproxy.google.com/~r/stadt-bremerhaven/dqXM/~3/RdWnjxtxerY/
📱 #Shaarli💫 #passwörter #security #2f #twofactor 🗝 🔐
https://ripf.de/m/aeyygey

#DZone #JavaZone "How to Implement Two-Factor Authentication in a Spring Boot OAuth Server? Part 1: Configuration" #Java #2FA #Authentication #TwoFactor #OAuth ... https://dzone.com/articles/how-to-implement-2fa-spring-boot-oauth-server-part-1

#DZone #JavaZone "How to Implement Two-Factor Authentication in a Spring Boot OAuth Server? Part 1: Configuration" #Java #2FA #Authentication #TwoFactor #OAuth ... https://dzone.com/articles/how-to-implement-2fa-spring-boot-oauth-server-part-1

#DZone #JavaZone "How to Implement Two-Factor Authentication in A Spring Boot OAuth Server? Part 2: Under the Hood" #Java #2FA #Authentication #TwoFactor #OAuth ... https://dzone.com/articles/how-to-implement-2fa-spring-boot-oauth-server-part-2

#DZone #JavaZone "How to Implement Two-Factor Authentication in A Spring Boot OAuth Server? Part 2: Under the Hood" #Java #2FA #Authentication #TwoFactor #OAuth ... https://dzone.com/articles/how-to-implement-2fa-spring-boot-oauth-server-part-2

#Secure your #Nextcloud authentication without the need to fiddle with codes or text messages! Use #twofactor via Nextcloud Notifications!
https://rullzer.com/2018/10/19/two-factor-via-nextcloud-notifications/