Hello again, friends of #BSDCafe and all around the #Fediverse,

Eager to learn more about maneuvering through Mastodon? Here's what we have for you today:

• Get involved with the #local and #federated timelines. This is an excellent way to discover new people and topics. The local timeline shows posts from your server, while the federated timeline displays posts from servers yours is connected with.

• Don’t forget to check the #trending hashtags. A great way to keep up with hot topics, events, or conversations in the Fediverse. Just click on one and join the discussion!

• Like any community, Mastodon appreciates good #netiquette. Be kind, be thoughtful, and remember there's a real person behind each account. Let's create a safe, welcoming space together! 🤝🌈

• Mastodon supports custom #emojis. Use them to add some flair to your posts and make them stand out. Fun and communication go hand in hand here! 😊

• If you're looking for more privacy, consider enabling the #TwoFactorAuthentication (2FA) on your account. It adds an extra layer of security to your Mastodon experience.

Knowledge is power, so let's keep sharing it!

#FediverseTips #SocialMediaEtiquette #FediTips #MastodonGuidance #Mastodon #Tips

I bet the 6 digit code it sends me is my weight...

#refrigerator #fridge #2FA #twofactorauthentication #food #foodporn #foodie #weight #funny #humor

2FA locks me out on ubuntu 22.04 #2004 #gnome #security #twofactorauthentication

https://askubuntu.com/q/1472289/612

Is it just me, or did Google just screw Google Authenticator by removing all keys? Like, all of them are gone from my phone, and now there's no trace of all the websites and applications that require me to use Google Authenticator to login with 2FA.
There was no warning that you need to export/backup your keys before the updating to enable the new cloud synch feature

#GoogleAuthenticator #Google #2FA #TwoFactorAuthentication

I have officially moved all of my 2FA stuff out of Authy and over to Aegis.

I will no longer use Authy and I would encourage nobody else to do so either as it's one of the worst 2FA apps ever made for several reasons.

#Authy #Aegis #2FA #TwoFactorAuthentication #Android #Apps

Finally @Vivaldi has enabled #TwoFactorAuthentication, and as usual they have done so in the best possible way:

- A good explanation
- User friendly
-Encouraging multiple verification methods.

Way to go 👍

So, Google Authenticator gegen ein anderes Programm (Aegis) ausgetauscht. Alle 2FA-Codes neu erstellt...

Die neue App macht regelmäßig verschlüsselte Backups, die Nextcloud dann in meine Cloud hochlädt.

#TwoFactorAuthentication #2FA #Aegis

Be careful if using the new sync features!

PSA: Google Authenticator's Cloud-Synced 2FA Codes Aren't End-to-End Encrypted https://www.macrumors.com/2023/04/27/google-authenticator-cloud-sync-no-e2e/

#Google #TwoFactorAuthentication #E2EE #Security #InfoSec #TechNews

#ScamWatch

Brand new scam just hit my phone. Some dude allegedly from "Gmail Security" calling me because they'd noticed suspicious activity on my email (which they know, because data breaches). I told him I'd change my password and that would solve the problem, but apparently the scammers would still have access. The moment I mentioned that I use two factor authentication and it would solve the problem, the scammer hung up.

1) Use two factor authentication on all your online/phone accounts that support it (preferably not SMS 2FA, but that's still better than nothing)
2) Gmail won't call you, they'll just suspend your account - if that
3) Anyone who attempts to create a sense of urgency regarding their interaction with you is either scamming you or trying to sell you something. Never give them anything.

#TwoFactorAuthentication #2FA

Possibility to be #verified, write longer posts, access to #TwoFactorAuthentication and the possibility to edit?

#Mastodon sounds a lot like #TwitterBlue, just without all of that supporting of a rich conspiracy theorist, who is basically attempting to turn his plaything of a platform into a cesspool of hate, misinformation and right-wing ideology.

Oh, and it doesn't cost 8€ either.

(But do donate to your instance if you can!)

#Musk #Twitter

SIM swap attacks are a major reason why SMS based 2FA is the least secure form of it (even if it is the most convenient). TOTP app based and hardware security key based 2FA are comparatively much more secure.

#2fa #twofactorauthentication #Twitter #mattwalsh

Discovering a bit of a problem with two-factor authentication linked to an #app on one's phone: What happens when that device dies and the app is reinstalled on a new phone? The app doesn't recognize the new phone so one is gradually blocked from one's digital life. Too much security? Possibly. #twofactorauthentication #tfa #security #apps #mastodon

Generating TOTP for 2FA directly from the computer (no mobile device) #2204 #softwarerecommendation #twofactorauthentication

https://askubuntu.com/q/1460640/612

Generating TOTP for 2FA directly from the computer (no mobile device) #2204 #twofactorauthentication #totp

https://askubuntu.com/q/1460640/612

#2FA. This is about the #Google #Authenticator app that many of us use for #TwoFactorAuthentication. I recently had to perform a factory reset on my phone. As a result, I lost access to the 2FA codes in my device. There was no way to log back into my social media accounts. I never bothered to save the backed up security codes and ended up getting permanently locked out of many accounts. So be careful with 2FA apps. Make sure you save your backup codes somewhere.

Software development tool GitHub will require more accounts to enable two-factor authentication (2FA) starting on March 13. That mandate will extend to all developers who contribute code on GitHub dot com by the end of 2023.

GitHub announced its plan to roll out a 2FA requirement in a blog post last May. At that time, the company's chief security officer said that it was making the move because GitHub (which is used by millions of software developers around the world across myriad industries) is a vital part of the software supply chain. Said supply chain has been subject to several attacks in recent years and months, and 2FA is a strong defense against social engineering and other particularly common methods of attack.

When that blog post was written, GitHub revealed that only around 16.5 percent of active GitHub users used 2FA—far lower than you'd expect from technologists who ought to know the value of it. #security #software #supplychain #softwaredevelopment #github #2fa #mfa #twofactorauthentication #multifactorauthentication #opensource #opensourcesoftware

https://arstechnica.com/gadgets/2023/03/githubs-push-to-make-2fa-mandatory-kicks-off-march-13/

Automatic MFA bypass
The most notable feature introduced in the new Xenomorph version is the ATS framework, which enables cybercriminals to extract credentials automatically, check account balances, conduct transactions, and steal money from target apps without performing remote actions.

Instead, the operator simply sends JSON scripts which Xenomorph converts into a list of operations and executes them autonomously on the infected device.

"The [ATS execution] engine used by Xenomorph stands out from its competition thanks to the extensive selection of possible actions that are programmable and can be included in ATS scripts, in addition to a system that allows for conditional execution and action prioritization," explains ThreatFabrics researchers.

One of the most impressive capabilities of the malware’s ATS framework is its ability to log the content of third-party authentication applications, beating MFA (multi-factor authentication) protections that would otherwise block automated transactions. #malware #mfa #multifactorauthentication #2fa #twofactorauthentication #cybersecurity #banking #cryptocurrency

https://www.bleepingcomputer.com/news/security/xenomorph-android-malware-now-steals-data-from-400-banks/

Hot off the press! @github stance on #SMS #2FA stands in contrast to that of #Twitter, but users say they understand #GitHub's approach.

https://www.techtarget.com/searchsoftwarequality/news/365532274/GitHub-2FA-plan-adds-SMS-account-lockout-safeguards

#cybersecurity #twofactorauthentication #multifactorauthentication #TOTP #passkey #FIDOalliance #softwaredevelopment #softwaresupplychain #devsecops

Enhancing online security means adding complexity to the process of logging in & increased use of two-factor authentication for users.

Adding complexity & two-factor authentication to online security = improved user protection. #onlinesecurity #twofactorauthentication

Deactivation of the possibility to deactivate 2FA via rescue mode (linux) - 2FA PAM module it doesn't make sense #security #twofactorauthentication #rescuemode

https://askubuntu.com/q/1457725/612