- It's criminal
- It's positioned to put software developers out of work
Don't use it. No one should ever use it.
How Google Authenticator made one companyâs network breach much, much worse | Ars Technica
🤦
WHY are these big companies treated as though they are the be all and end all of infosec? These are rookie mistakes Google's making, at scale.
Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this "feature". If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn't a clear way to "disable syncing to the cloud", instead there is just an "unlink Google account" option.
Like, never ever put your multi-factor tokens into a single cloud storage location! The whole point of this being "multi" factor is that there is a separate, independent physical factor involved in the authentication process. If the authenticator app on your phone puts the tokens in the cloud, then it reduces the security that comes from having a second factor. This is basic stuff.
Of course, never ever use Google Authenticator. All it does is generate TOTP and HOTP codes, which you can do with any OTP app, preferably an open source one that's been vetted.
USENET, the OG social network, rises again like a text-only phoenix
The USENET management committee has reconvened and there are green shoots of growth in the original, pre-World Wide Web social network.
@movq@www.uninformativ.de oops, forgot to say thank you for the birthday wishes!
@lyse@lyse.isobeef.org Thank you!
@movq@www.uninformativ.de If you've got it, own it!
@prologic@twtxt.net thank you! Yup, a full half century. Quite weird feeling. I feel like I've finally earned my curmudgeonly personality.
grep -rin foo
I just typed rm -rf foo. What the heck, brain!? O_o Luckily, I just caught it before hitting Enter.
@mckinley@twtxt.net I do the ls thing regularly. I even do it after I've already lsed the directory but have run some other command afterwards. I tend to think of it like the LOOK command in text adventures.
@ionores@twtxt.net thank you, thank you. Hoping to make it to a decent fraction of a century.
Turned half a century old today. Boy I'm tired.