Comment on Daily discussion thread: 🦈 Monday, May 13, 2024

<- View Parent
TinyBreak@aussie.zone ⁨6⁩ ⁨months⁩ ago

Correct, mfa ain’t enough. Especially in sensitive settings like the courts. Government gets twitchy about data going out of the country. You might even find dealing with the courts the mandate IS on prem.

But I’ve had clients/customers/whatever click on links and have their auth token stolen from the browser, allowed an attacker to come in totally bypassing mfa. I’ve also had customers have their phone number ported away to steal the sms auth. Shit is scary.

source
Sort:hotnewtop