
This is why we have two-factor authentication.

⁨715⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ by ⁨ivanafterall@lemmy.world⁩ to ⁨[deleted]⁩

https://lemmy.world/pictrs/image/f3101b18-e35b-4ecf-b97b-61c8fd264f05.jpeg


Comments

  • deceiver@infosec.pub ⁨1⁩ ⁨day⁩ ago

    2FA won’t help if you leave a session running on a public device

    • greenMeanHoppinMachine@lemmy.world ⁨1⁩ ⁨day⁩ ago

      That’s the comment I was looking for.

    • Prathas@lemmy.zip ⁨11⁩ ⁨hours⁩ ago

      To be fair, we are in a specific community…

  • The_Hideous_Orgalorg@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

    Two factor would not help here. One needs to remember to log out of public devices before leaving them.

    • gandalf_der_12te@feddit.org ⁨1⁩ ⁨day⁩ ago

      best to always use incognito browser on public devices. when you close the browser, it logs you off automatically.

      • PattyMcB@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Or just not be a moron and put your credentials into a random device in some store

    • Rooster326@programming.dev ⁨1⁩ ⁨day⁩ ago

      Why would you even log into a public device?

  • kevinsky@feddit.nl ⁨1⁩ ⁨day⁩ ago

    The amount of people that leave things like youtube logged in on hotel room tv’s is also moderately staggering.

    • titanicx@lemmy.zip ⁨13⁩ ⁨hours⁩ ago

      Probably because most of the TVs are designed to auto logout after check out. So when you run into one that isn’t it’s weird.

      • Prathas@lemmy.zip ⁨11⁩ ⁨hours⁩ ago

        Interesting. I’ve actually never heard of them automatically logging out. That’s partly why I am hesitant to log in in the first place.

    • Fedizen@lemmy.world ⁨1⁩ ⁨day⁩ ago

      TV and app creators I feel like are also a bit responsible for this by not making it easy to do timed logouts when you log into a device for the first time. Unless you have a mental or physical checklist going it’s not a high priority

    • RagingRobot@lemmy.world ⁨13⁩ ⁨hours⁩ ago

      Does it really matter to anyone other than the streaming companies?

      If the next guy at the hotel watches my HBO why would I care?

      Worst case scenario I lose my spot in a show.

      • Axolotl_cpp@feddit.it ⁨12⁩ ⁨hours⁩ ago

        And lose your account and your google account if it’s youtube like the commenter said

      • Appoxo@lemmy.dbzer0.com ⁨13⁩ ⁨hours⁩ ago

        And your account.

    • Sc00ter@lemmy.zip ⁨22⁩ ⁨hours⁩ ago

      We just stayed at a disney resort a few weeks ago. The tv prompted us to sign into OUR disney+ account…

      • macaw_dean_settle@lemmy.world ⁨11⁩ ⁨hours⁩ ago

        Ellipsis are wrongly used again. Why do you people keep using shit you do not understand?

  • ThunderQueen@lemmy.world ⁨1⁩ ⁨day⁩ ago

    This is peak timothy behavior. You know he went home to absolutely destroy his younger sibling in halo

  • macaw_dean_settle@lemmy.world ⁨11⁩ ⁨hours⁩ ago

    That is not what ‘hacked’ means.

    • funkless_eck@sh.itjust.works ⁨5⁩ ⁨hours⁩ ago

      I’d counter this is exactly how a lot of hacking works

    • Jax@sh.itjust.works ⁨5⁩ ⁨hours⁩ ago

      Absolutely can be

    • ButteredBread@sh.itjust.works ⁨11⁩ ⁨hours⁩ ago

      SHH, HE’S A MASTER HACKER AND WILL HACK YOU IF YOU SAY SOMETHING WRONG

  • houndeyes@toast.ooo ⁨1⁩ ⁨day⁩ ago

    Kid looks like a Mad magazine cover.

    Image

  • rangber@lemmy.zip ⁨1⁩ ⁨day⁩ ago

    Wonder what Timothy is up to nowadays

    • Dkiscoo@lemmy.world ⁨1⁩ ⁨day⁩ ago

      1337 h@xing the internets

      • P1k1e@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Tight

    • slaacaa@lemmy.world ⁨1⁩ ⁨day⁩ ago

      nbcnews.com/…/actor-timothy-busfield-indicted-chi…

  • ILikeBoobies@lemmy.ca ⁨1⁩ ⁨day⁩ ago

    2fa wouldn’t change anything

    • Hawke@lemmy.world ⁨1⁩ ⁨day⁩ ago

      [citation needed] on the second half

      • ILikeBoobies@lemmy.ca ⁨1⁩ ⁨day⁩ ago

        A big feature of sms is that it’s not encrypted. Every tower that receives the message is trusted to forward it unaltered. This is one attack avenue.

        www.helpnetsecurity.com/2020/11/…/sms-voice-mfa/

        Things like the following are generally recommended though Microsoft recommends using their app. www.yubico.com

      • axx@slrpnk.net ⁨22⁩ ⁨hours⁩ ago

        Briefly: look into sim swapping, which is the most obvious, day to day risk.

        Then there’s SS7 and how inherently trusting the whole system is.

        Then depending on where you are, some mobile networks still have terrible link encryption (we’re talking so bad a normal laptop is enough these days to break it on the fly). Granted, this is rare these days, in part thanks to the efforts of Karsten Nohl, SRLabs and other security researchers who did a lot to shine a light on this and SS7.

        Not sure how up to date it still is, but https://gsmmap.srlabs.de/ shows how unequal networks are.

  • sundray@lemmus.org ⁨1⁩ ⁨day⁩ ago

    Ok, you’ve hacked me.

    I hope you’re ready for what you’re about to see.

    • everett@lemmy.ml ⁨1⁩ ⁨day⁩ ago

      Goat…

      • not@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

        se

  • edgyspazkid@lemmy.wtf ⁨13⁩ ⁨hours⁩ ago

    A few days ago I thought 2FA didn’t work for lemmy but I just didn’t have timezone or something and that’s why I couldn’t login.

    Image <-- Aegis is goated

  • Hazel@piefed.blahaj.zone ⁨1⁩ ⁨day⁩ ago

    “Hahaha hacked!!! … now let me dox myself.”

    • T00l_shed@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Maybe that’s the name he uses so people think he is called timothy! And it wasn’t a sprint store! Classic misdirects

  • HerbalGamer@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

    2fa got me locked out of google after losing my phone so fu2

    • theunknownmuncher@lemmy.world ⁨1⁩ ⁨day⁩ ago

      You didn’t print out or write down the codes they give you for this exact situation? 100% your fault and not 2FA’s

      • PotatoesFall@discuss.tchncs.de ⁨1⁩ ⁨day⁩ ago

        Google doesn’t give you codes. They don’t even tell you that they enabled 2FA. If you log in on an android device, they will automatically enable it for 2FA, and for some reason they assume you will have access to this phone until the end of time, even if you haven’t turned it on in months. The only way to go around this is to set up 2FA manually.

        Google has locked so many people I know out of their accounts it’s ridiculous.

      • HerbalGamer@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

        True but also I wasn’t there when other people had to clear out my apartment so I didn’t have much of a clue whether or not it would be saved.

        Still know my pw manager’s pw by heart and have my gmail account pw written down but not that actual code, no.

    • TORFdot0@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Do you blame the locksmith if you lose your keys?

      I could take the locks off the door to my house but then I can’t be mad when I get robbed

  • toynbee@piefed.social ⁨1⁩ ⁨day⁩ ago

    Back when I was in college, I was young and dumb enough that I’d login to AIM on the college computers. (Nowadays I won’t login to personal accounts on anything I don’t fully control. I’m always surprised by coworkers who check their bank accounts, social media, personal email, etc. on their work laptops.)

    Anyway, even at the time I was pretty good at logging out when I left each computer, but once I forgot. The next time I logged in, I was surprised to discover that my entire buddy list had been cleared. I never understood the motivation behind doing so. I don’t think it was particularly funny but, even if it were, it’s not like the perpetrator got to see my reaction or even to point and laugh.

    I did learn a lesson from it, but presuming that that was the mission of whomever did it feels … Generous.

    • ThunderQueen@lemmy.world ⁨1⁩ ⁨day⁩ ago

      I like to do white hat shenanigans like this

      • toynbee@piefed.social ⁨1⁩ ⁨day⁩ ago

        You shouldn’t.

        If the goal was to teach me a lesson, there were less destructive ways to do it.

        If the goal was to troll, well, that’s without redeeming qualities.

      • Devconsole@sh.itjust.works ⁨23⁩ ⁨hours⁩ ago

        Brown hat more like

  • TrickDacy@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Do you know what 2fa is?

    • Saapas@piefed.zip ⁨1⁩ ⁨day⁩ ago

      It’s like when people think VPNs will magically prevent their credentials from leaking while they’re giving them to some sketchy website

      • TORFdot0@lemmy.world ⁨1⁩ ⁨day⁩ ago

        But the YouTuber that sold me my VPN said it kept my online data safe (whatever that means)

  • MidsizedSedan@lemmy.world ⁨1⁩ ⁨day⁩ ago

    A non-tech store had some iPhones and iPads on display. No internet. But it COULD connect to my phone hotspot. Wish I did something more than just download a rainbow six siege pic and set it as the wallpaper, but they took down that demo for I think close to a month.

  • possessedfaxmachine666@lemmy.world ⁨1⁩ ⁨day⁩ ago

    sudo hack IP -127.0.0.1

    • CaptPretentious@lemmy.world ⁨1⁩ ⁨day⁩ ago

      What, how’d you get my IP! You haxxor!?

  • FudgyMcTubbs@lemmy.world ⁨1⁩ ⁨day⁩ ago

    I don’t care for 2fa. Not interested in having my phone connected to my computer, and I don’t like having an extra step when logging into stuff – especially an extra step that needs me to use a second device. I’d honestly rather risk getting hacked over ever having to use 2fa again.

    • chloroken@lemmy.ml ⁨1⁩ ⁨day⁩ ago

      This makes me mad but I have absolutely no justification. Like, it’s your life. But I am incensed. Godspeed.

      • FudgyMcTubbs@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Thank you for the grace.

    • Rooster326@programming.dev ⁨1⁩ ⁨day⁩ ago

      He says having never had to deal with actually having his identity stolen.

      • FudgyMcTubbs@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Correct. It solved a problem that didn’t exist for me.

    • greenMeanHoppinMachine@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Use a Yubikey. It’s a small USB Device you can put on a keychain. It is still a second device, but it’s not your phone. And you always have your keys with you, anyway.

      • garbage_world@lemmy.world ⁨1⁩ ⁨day⁩ ago

        Yubikey is closed source and likely steals your data

    • Honytawk@discuss.tchncs.de ⁨1⁩ ⁨day⁩ ago

      Why do you think you need to connect your phone to your computer?

      You do know you can just generate codes and neither device will know of the other’s existence, right?

      • FudgyMcTubbs@lemmy.world ⁨1⁩ ⁨day⁩ ago

        I have no reason to believe that the google authenticator app on my google phone doesn’t register and record that it’s being used to log into XYZ website, and further that XYZ website is not then sending back unique identifying info to Google about me when I’ve used the code to log in.

        I’ve lived with tech long enough to know that if they say “we absolutely don’t,” it really means they probably do.

        Like when they swore up and down and gaslit us that our phones aren’t listening to us to generate ads.

        How many lies can I believe before I begin assuming everything is just another lie from a liar?

        Guess I’m paranoid.

        But that whole thing ignores that it’s an annoying second step with another device. Like “you want to log in? Thread a needle with the string in your pocket first…”

    • axx@slrpnk.net ⁨20⁩ ⁨hours⁩ ago

      MFA (a better term IMO for this) has nothing to do with phones, per se.

      It’s just about reducing risk by adding more proofs that the person claiming to have the right to do something has indeed the right to do something.

      Unless you have excellent password hygiene (long, random, different for every single site and service) the likelihood of having an account taken over goes up quite fast. The overwhelming majority of the population doesn’t, so forcing a second factor is a good way to limit damage.

      If you don’t like the multi step process, look at passkeys. They aren’t perfect, but they offer nearly all the security benefits of MFA without having to go through multiple steps.

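Added example, not written by any commenter in this thread: authenticator apps such as the ones mentioned above show TOTP codes (RFC 6238), which are computed from a shared secret and the current time only, so the phone and the computer never talk to each other, and a phone whose clock is wrong (for instance set by hand with the wrong time zone) produces codes the server rejects. The secret is the RFC 6238 test key; the function names and the one-step acceptance window are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (the RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Compute the code for a given time. No network or device link involved."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Server side: accept the current step plus/minus `window` steps of drift."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    server_now = 1111111109           # constructed timestamp from the RFC vectors
    # Phone clock 20 seconds fast: lands in the next step, still inside the window.
    slightly_off = totp(secret, server_now + 20)
    # Phone clock one hour off (e.g. wrong time zone entered with a manual clock).
    hour_off = totp(secret, server_now + 3600)
    return {
        "slightly_off": verify(secret, slightly_off, server_now),
        "hour_off": verify(secret, hour_off, server_now),
    }


if __name__ == "__main__":
    print(demo())
```
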
  • blimthepixie@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

    Logged into what?

    What’s a Sprint store?

    If it’s a shop that sells electronics like Currys or Mediamarkt then why would this person log into anything on display?

    • fonix232@fedia.io ⁨1⁩ ⁨day⁩ ago

      Phone carrier.

      They have display phones and tablets.

      And some people use those display units for social media for some reason.

      Back in the 2010s I had a friend work in stores as a "device expert", he handled daily resets of the display units (this was pre-MDM easy management days). The number of people who just logged on to Twitter, Facebook Messenger, even WhatsApp or GRINDR of all things (yes, dude left his grindr account logged in, full of explicit images, which downloaded to the device's gallery, while the phones were most often used by KIDS in the store...), it was simply astonishing.

    • jayands@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Sprint was a phone carrier in North America (pretty sure just the US, but they may have been in Canadia, too)

      • kboos1@lemmy.world ⁨1⁩ ⁨day⁩ ago

        They’re called T-Mobile now; they merged or bought them, I don’t remember. T-Mobile is owned by Deutsche Telekom

      • BurntWits@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

        No it was USA only. We have three mobile carriers that own all the cell towers here. You’re either with Rogers, Bell, or Telus, or one of their derivatives. There’s zero competition here, it’s ridiculous.

  • TropicalDingdong@lemmy.world ⁨1⁩ ⁨day⁩ ago

    lolgottem

  • dismay3915@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Lmao this is cute
