Technology

58063 readers

3097 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

734

Authy got hacked, and 33 million user phone numbers were stolen (appleinsider.com)

submitted 2 months ago by [email protected] to c/[email protected]

178 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)

Bell curve meme:

Grug: A file on my computer (/Desktop/passwords.txt) Matty Midwit: Cloud connectivity! Phone numbers! Biometrics! Just install the app! Less than a cup coffee per month! Backed by FAGMAN^TM^! The monk: A file on my computer (KPXC)

[+] [email protected] -8 points 2 months ago* (last edited 2 months ago) (2 children)

I hate, hate, hate that companies force 2FA on me just because goddamn Susans use ‘password’ as their password on every goddamn fucking app. My passwords are safe. They’re long and they contain ALL THE CHARACTER CLASSES. Fuck off with your fucking 2fa!

[–] [email protected] 4 points 2 months ago

I hate 2FA tied to a phone number. It makes it really hard to change your phone number when you’ve got 150 random accounts tied to it. Let me put that TOTP in my password manager.

[–] [email protected] 21 points 2 months ago (1 children)

My passwords are safe.

No, they're really not. No matter how good your password is, it can absolutely be compromised. If you use a password manager, just look at how often sites tell you that you "forgot" your password, despite knowing you haven't.

Use 2fa for things that are absolutely vital. Whether you use it for your Blizzard account or Steam account is less important. (Though I'm pretty sure Blizzard has leaked passwords at least once, many years ago.)

[–] [email protected] 6 points 2 months ago (1 children)

just look at how often sites tell you that you "forgot" your password, despite knowing you haven't

wtf are you talking about?

[–] [email protected] 4 points 2 months ago (1 children)

For a few months, I had been getting emails from booking.com saying that I had forgotten my password. Probably scammers with my Gmail username futilely attempting to use the forgotten password link to get at stored payment info. Once I set up 2FA on the account, the emails stopped.

[–] [email protected] 3 points 2 months ago (1 children)

How would that stop the emails, though?

[–] [email protected] 2 points 2 months ago (1 children)

I was wrong. It wasn't the forgotten password link. It was one of those sites that sent a login link instead asking for a password when you put in your username. That changed once I set up 2FA.

[–] [email protected] 1 points 2 months ago

Ah okay, yeah that makes more sense.

[–] [email protected] 4 points 2 months ago

Weren't they hacked last time? Is this old news or a new hack they never learned from?

[–] [email protected] 12 points 2 months ago (1 children)

Friendly reminder to change your master password. You’re one SIM jack away from having your life locked away for ransom. They didn’t breach the seeds, but next time who knows. I would start migrating and changing 2FA codes just in case. You never know who might be spraying.

[–] [email protected] 7 points 2 months ago

The problem is so many services requiring SMS to be that second factor. From what I've heard it's easy enough to steal a sim that if you're being explicitly targeted it's basically the same as no second factor. Yet even if using an authenticator app most services require you to still have SMS/phone as another option for the 2FA.

For Authy specifically they'd need to guess your master password and then hijack your phone number, and for users of Authy I suspect their passwords are not easily guessed as it's already a step above the standard SMS only 2FA most services require.

[–] [email protected] 24 points 2 months ago (1 children)

did they have 2fa on?

[–] [email protected] 6 points 2 months ago

Of course. It was on the office phone that gets passed around to whichever tech is on call. The on-call tech left it at Mcdonalds accidentally.

load more comments