- It’s criminal
- It’s position to put software developers out of work
Don’t use it. No one should ever use it.
WHY are these big companies treated as though they are the be all and end all of infosec? These are rookie mistakes Google’s making, at scale.
Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option.
Like, never ever put your multi-factor tokens into a single cloud storage location! The whole point of this being “multi” factor is that there is a separate, independent physical factor involved in the authentication process. If the authenticator app on your phone puts the tokens in the cloud, then it reduces the security that comes from having a second factor. This is basic stuff.
Of course, never ever use Google Authenticator. All it does is generate TOTP and HOTP codes, which you can do with any OTP app, preferably an open source one that’s been vetted.
The USENET management committee has reconvened and there are green shoots of growth in the original, pre-World Wide Web social network.
@firstname.lastname@example.org oops, forgot to say thank you for the birthday wishes!
@email@example.com Thank you!
@firstname.lastname@example.org If you’ve got it, own it!
@email@example.com thank you! Yup, a full half century. Quite weird feeling. I feel like I’ve finally earned my curmudgeonly personality 😆
grep -rin fooI just typed
rm -rf foo. What the heck, brain!? O_o Luckily, I just caught it before hitting Enter.
@firstname.lastname@example.org I do the
ls thing regularly. I even do it after I’ve already
lsed the directory but have run some other command afterwards. I tend to think of it like the LOOK command in text adventures.
@email@example.com thank you, thank you. Hoping to make it to a decent fraction of a century.
Turned half a century old today. Boy I’m tired.