How to use SMS two-factor authentication “the right way”

Via genius Sami Laine:

Here’s what you should do:

  • Secure your high-value accounts with strong authentication. These include crypto wallets, key financial sites and email, and, if you’re an influencer, Twitter, Instagram and the like. For these, if SMS is the only option, turn it off and use a strong password with a password manager instead.
  • For new accounts, always check for stronger two-factor alternatives before deciding if you should use SMS.
  • Use a password manager to create strong, unique passwords and to autofill them to protect against phishing attacks.
  • Finally, make sure to set up a security code on your cellular account today to reduce the risk of losing your account to SIM swap attacks.

A list of popular sites and whether or not they support two-factor authentication

WebAuthn rocks, but you might feel that nobody uses it.

Fortunately, you are wrong!

Visit 2FA Directory: Global or 2FA Directory: USA for a list of popular sites and whether or not they support two-factor authentication.

This site is pure gold: it gets you up and running with WebAuthn everywhere possible as quickly as possible. When a provider doesn’t offer it, contact them and demand it.

Here is their codebase: geniuses.

Learn How To Perform Man-In-The-Middle (MITM) Phishing Attacks In Three Minutes or Less

I can’t say much more than: wow.

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. – https://github.com/pberba/evilginx2

Seriously great learning resource and kudos to Go Lang!

Just A Few Password Standards That Every Techie Must Know

If you don’t know them, then learn them.

Caffeinate → ruminate → schedule meeting → gesticulate → profit!

Just kidding, it is very valuable.