@katzenjens@social.tchncs.de
·
12h ago
Grumpfeljens
@katzenjens@social.tchncs.de
Alter Sack, Bj 1962. Hobbys Katzen, Elektronik, Computerkrams, Foto, Amateurfunk, Basteln Beiträge löschen sich nach 4 Wochen! Unaufgeforderte Belehrungen durch mir unbekannte Personen führen zum sofortigen Block. Ggfls. mit harten Worten, welche sich für Ungeübte wie Beleidigungen anhören. Old fart, born 1962. Hobbies: cats, electronics, photo, ham radio, tinkering toots will be deleted after 4 weeks
social.tchncs.de
Nachdem ich meine paar Repos von Github exportiert und auf meinen eigenen #Forgejo gepackt habe, ist auch direkt mein #PICOTOTP Projekt dort gelandet. Als eine lange Beschreibung inkl. Code war es doch etwas unhandlich in meiner Loseblatt-Sammlung. Hier findet sich die aufgeräumte Version: https://git.j62.de/katzenjens/picototp
#basteln #raspberry #pico #2fa #totp
1
0
2
@martinsteiger.ch@bsky.brid.gy
·
Jun 08, 2026
Martin Steiger 🦋
@martinsteiger.ch@bsky.brid.gy
Anwalt und Unternehmer 🇨🇭 für Recht im digitalen Raum (Steiger Legal AG / Datenschutzpartner AG) · 🦭-freie Zone · #BildungAberSicher #Netzpolitik #TeamDatenschutz · martinsteiger.ch mit Kontaktadressen · Automatische Löschung von Beiträgen 👋🏻 🌉 bridged from 🦋 martinsteiger.ch, follow @bsky.brid.gy to interact
bsky.brid.gy
Bei #Microsoft ist Schluss mit #2FA per #SMS! ✋🏻
➡️ Wieso verzichtet Microsoft auf SMS für die Zwei-Faktor-Authentifizierung (2FA)?
➡️ Was taugen die Alternativen #TOTP und #Passkeys?
➡️ Wie geht es weiter bei Microsoft mit 2FA?
Jetzt reinhören! 🎧
podcast.datenschutzpartner.ch/404-microsof...
DAT404 Microsoft verzichtet au...
0
0
0
@ErikvanStraten@todon.nl
·
Jun 03, 2026
Erik van Straten
@ErikvanStraten@todon.nl
I BLOCK boosters of Auschwitz spam (reason: my grandfather was a Jew and Auschwitz was hijacked by Zionists incl. WestBank settler Dani Dayan; see https://todon.nl/@ErikvanStraten/115536032444852356). Independent 65+ Dutch security researcher. I hate injustice, propaganda and discrimination. I try to be as objective as possible. Mission: make the internet a safer place! Primary focus: #impersonation (i.e. when #authentication fails). Other: #Gaza #Ukraine #vaccination (last anti-Covid jab 20250916). Notes: • Don't auto-trust me. It may be a spoof, even if "I" say it's not (my account may be hacked). • Muting users of URL-shorteners (like buff.ly) • Now BLOCKING "Gazans" begging for money
todon.nl
@sophieschmieg@infosec.exchange : *if* the second factor consist of 6 digits and regularly changes (TOTP: usually every thirty seconds), then it is typically worse than 1 in a million chance.
Because the client clock may be out of sync with the server clock, typically a time window larger than 30 seconds is used to increase fault tolerance.
I suggest you read https://www.oasis.security/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass
I remembered that attack, but Pouyan (@i@toot.pouyan.net) had already referenced "AuthQuake" in an earlier toot (https://toot.pouyan.net/notice/B6xuBX6lzrGenpC74y) - but you may have missed that.
W.r.t. 2FA: if the server, after entering the user-ID and an incorrect password, responds with "wrong userID or password" - before asking for the 2FA code (or a timing difference reveals that the first factor is either wrong or correct), then the attacker's life gets a lot easier.
And if 2FA is reduced to 1FA in "device code" phishing attacks, even passkeys and FIDO2 hardware keys will not prevent account takeovers.
Also "password reset" mechanisms may have flaws (upto Instagram's AI assistent being easily convinced by fraudsters).
@dangoodin@infosec.exchange @cibyr@omg.wtf.sh
#TOTP #TimeWindow #RFC6238 #2FA #Weak2FA #MFA #WeakMFA #BruteForce
0
0
0
@umbraroze@tech.lgbt
·
Jun 01, 2026
Yesterday's Rose
@umbraroze@tech.lgbt
Hi! I'm yet another random geek girl. 👩🏻💻 ♀️ I'm a software dev 🖥️, video game enthusiast 🕹️, writer ✍🏻, photographer 📷, a dabbler in arts 🎨. Also trans 🏳️⚧️. Known to post random Weird Things 💫. I also love wolves 🐺 and turtles 🐢 aww. In this microblog: Random incoherent nonsense straight from my brain 'n' stuff! It all coalesces here. Some of the links might have more coherent, topical things.
tech.lgbt
#EpicGames Store:
Me: "I've set up both #TOTP #2FA and email 2FA, right?"
Epic: "Yep"
Me: "And I've specified that I should use TOTP as the primary 2FA option, right?"
Epic: "Yep"
Me: "Oh goodie. Email is far less preferable, I'm glad this is a modern service and uses TOTP."
Epic: "Glad we agree"
Me: "Okay, let's do this. Go."
Epic: "Sending email for 2FA"
Me: "What"
[Email lands in spam, too]
Me: "What the shit"
#videogames #security
0
0
0
@elshara@www.mediacy.net
·
Mar 04, 2026
Elshara Silverheart
@elshara@www.mediacy.net
I am the owner of #MediaNexus and also serve as the main webmaster here.
www.mediacy.net
#HotTake #2FA #codes #MultiFactor and #2FactorAuthentication centralizes what it is meant to isolate at the #app level. This is the exact same chain process of #inshitification and #IdentityVerification that targets #https as a #web #protocol at the expense of #centralized databases for #hackers to exploit.
0
2
1
@me@edafe.social
·
Jan 31, 2026
edafe knabe
@me@edafe.social
edafe.social
"Denn schlimmer ist, daß es dem Grundprinzip von Sicherheitssystemen widerspricht, wenn alle Informationen an einem Ort sind und durch ein und dieselbe Sicherheitsabfrage geschützt sind. In diesem Fall ist das der #iPhone Entsperrcode: wer diesen kennt, hat damit Zugriff auf Nutzernamen, #Passwörter, Anmeldeseiten, 2FA-Codes und natürlich auch gleich den dazugehörigen Apps für Banking und anderes."
https://www.youtube.com/watch?v=NLXi9pSR364&t=556s
#apple #mac #ios #macos #ipad #icloud #2fa #passkeys #fido2 #webauthn
0
0
1
You've seen all posts