I'd prefer fuck-you fines that are actually enforced, making it impossible to ignore security.
Quill7513@slrpnk.net
on 03 Jul 2024 18:51
And that's why it's important to prefer internet services hosted in particular companies. The English legacy of law has been very poor at keeping society safe from corporations, because these laws were established when the British Empire was a vast trade corporation with an inbred person as CEO, by way of the pope saying Jesus wanted that family to be in charge.
What's crazy-making is that in a lot of the places the British destabilized, the indigenous people had very advanced methods of ensuring society benefited everyone. Not all of them, of course, but enough of them that it's hard to see the English legacy of law practice as anything other than fundamentally broken and not worth the amount of spread it was forced to have at gunpoint. Like when I hear about how Iroquois nation justice worked, I can't help but feel something truly special was lost by way of colonists wanting to profit off beaver pelts.
Especially with such careless failures. If some employee was tricked through a well-planned social engineering attack, or they used some mega-obscure 0-day vulnerability, I'd not be happy, but shit happens, I guess.
But not sending my phone number when someone just posts some GET command to an API should be a no-brainer...
schizo@forum.uncomfortable.business
on 03 Jul 2024 18:34
What confuses me is even a half-competent audit and pentest would absolutely have found an API endpoint that's going to absolutely leak customer data, so the assumption I have to make is that, yet again, a "security" company can't be fucked to do the bare minimum to ensure their security shit is, you know, secure.
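The pattern the two comments above are complaining about (an unauthenticated GET that answers differently depending on whether a phone number is a customer's) is easy to model and easy to test for. The following is an added example, not code from this thread or from Authy/Twilio: a toy lookup endpoint in its leaky form, a hardened form, and the enumeration check a pentest would run against both. The route, the header names, the API key scheme and the phone numbers are all hypothetical and constructed for illustration.

```python
"""Added example (not from the thread or from Authy/Twilio): a phone-lookup
endpoint in the leaky form the comments describe, a hardened form, and the
enumeration check a pentest would run. All routes, headers and data are
hypothetical and constructed for illustration."""
from dataclasses import dataclass, field
import hmac

# Constructed sample data: phone numbers "registered" with the service.
REGISTERED = {
    "+15550100001": {"user_id": 101, "devices": 2},
    "+15550100002": {"user_id": 102, "devices": 1},
}

# Constructed API key for one legitimate client (hypothetical header scheme).
API_KEYS = {"client-app": "k_" + "a" * 32}


@dataclass
class Request:
    path: str
    params: dict
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: dict


def lookup_vulnerable(req: Request) -> Response:
    """Leaky version: no authentication, and a known number gets a 200 with
    account details while an unknown one gets a 404. Feed it a list of
    numbers and it tells you exactly who is a customer."""
    phone = req.params.get("phone", "")
    rec = REGISTERED.get(phone)
    if rec is None:
        return Response(404, {"error": "not found"})
    return Response(200, {"phone": phone, "user_id": rec["user_id"],
                          "devices": rec["devices"]})


def lookup_hardened(req: Request) -> Response:
    """Hardened version: requires a valid client API key (constant-time
    compare), and even for an authenticated caller returns the same 202 body
    whether or not the number exists, so the response is not an oracle."""
    client = req.headers.get("X-Client-Id", "")
    presented = req.headers.get("X-Api-Key", "")
    expected = API_KEYS.get(client, "")
    if not expected or not hmac.compare_digest(presented, expected):
        return Response(401, {"error": "unauthorized"})
    phone = req.params.get("phone", "")
    _ = REGISTERED.get(phone)  # do the real work (e.g. queue an SMS) here
    return Response(202, {"status": "accepted"})


def enumeration_oracle(handler, candidates) -> list:
    """The pentest check: call the endpoint with NO credentials for each
    candidate number and report those it confirms. A non-empty list means
    the endpoint leaks membership to anyone on the internet."""
    results = [(p, handler(Request("/lookup", {"phone": p}))) for p in candidates]
    signatures = {(r.status, tuple(sorted(r.body))) for _, r in results}
    if len(signatures) == 1:
        return []  # uniform answer for every number: nothing to learn
    return [p for p, r in results if r.status == 200]


if __name__ == "__main__":
    probe = ["+15550100001", "+15550199999", "+15550100002"]
    print("leaky   :", enumeration_oracle(lookup_vulnerable, probe))
    print("hardened:", enumeration_oracle(lookup_hardened, probe))
```

The check here only compares status codes and body shape; a real audit would also compare response lengths and timing, since an endpoint can be "uniform" on paper and still leak through a slower database hit for a known number. The hardening has two independent parts, and both matter: the auth check stops the anonymous bulk probe, and the uniform response stops an attacker who has obtained one legitimate client credential from using it as a membership oracle.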
LordKitsuna@lemmy.world
on 04 Jul 2024 04:18
Posting this against your comment for visibility: I would recommend anyone that was using Authy switch to Bitwarden's dedicated 2FA app. The company maintains several security compliance certificates and fairly regularly gets audited, which they post publicly at bitwarden.com/help/is-bitwarden-audited/
schizo@forum.uncomfortable.business
on 04 Jul 2024 15:22
Oh neat. I use their password manager but totally somehow missed them releasing a separate 2FA app.
Telorand@reddthat.com
on 03 Jul 2024 18:40
That’s especially bad, because the default behavior, iirc, is to have Multi-Device turned on, which means anyone can potentially add their device to your account and access your TOTP.
And I don’t expect most users to know how or to remember to turn it off.
uhh_matt@sh.itjust.works
on 03 Jul 2024 18:43
Oof, lucky I left them for Aegis (an Android-only app) a long time ago. I hope/think I closed my Authy account 🤞
Quill7513@slrpnk.net
on 03 Jul 2024 18:55
Let this be a reminder not to use Authy or Google Auth or Microsoft Auth if you can help it. Your best bet, if you can help it, is a YubiKey or Nitrokey. If you can't, far better to go with Aegis or Ente Auth. If you need easy sync across devices, Aegis has that, but most of the security experts I know recommend going with 1Password as your MFA solution with sync. I personally don't trust 1Password as a for-profit corporation, but I also accept I don't get paid to know about computer security to the degree that an actual security expert is.
LordKitsuna@lemmy.world
on 04 Jul 2024 04:19
I'd recommend Bitwarden's dedicated 2FA app. The company is regularly audited and they post the results at bitwarden.com/help/is-bitwarden-audited/
Th4tGuyII@fedia.io
on 03 Jul 2024 18:51
Thank fuck I got away from Authy years ago - cost me my Twitch account (because apparently Twitch straight won't allow you to switch away from Authy), but it was worth it to secure the rest of my things
Rentlar@lemmy.ca
on 03 Jul 2024 19:16
Lol it’s taken me a while to come around to MFA (I used to hate it but I’ve started using open source MFA apps), but my hesitation to use proprietary solutions has proved smart.
Grumpydaddy@lemmy.world
on 03 Jul 2024 22:33
So for common folk like myself, what do I need to do? I used Authy for a few sites. Can a bad actor pretending to be me now get access to those sites?
ryannathans@aussie.zone
on 03 Jul 2024 23:03
I swapped to Aegis from Authy.
scottmeme@sh.itjust.works
on 04 Jul 2024 01:58
FUCK ME DEAD
I got so much shit to reset up now, and I've chosen Aegis.
LordKitsuna@lemmy.world
on 04 Jul 2024 04:15
Bitwarden has a dedicated 2FA app now. Highly recommend you go with that.
scottmeme@sh.itjust.works
on 04 Jul 2024 11:40
I was considering an email host that did include Bitwarden; any reason I should or shouldn't go for it?
AVincentInSpace@pawb.social
on 04 Jul 2024 03:37
MintyAnt@lemmy.world
on 04 Jul 2024 12:21
Thanks Twilio!
Potatos_are_not_friends@lemmy.world
on 05 Jul 2024 01:01
Oh man this is going to suck.
We were looking for an authentication setup to allow for SSO and one of the front runners was Twilio. They have a meeting with us next week and I am not looking forward to this second hand embarrassment.
Goddammit, can companies stop leaking our shit everywhere please
Only when it’s profitable to stop.
Good thing I stopped using Authy a while ago.
Common Aegis W.