June 27, 2021, 8:34 am
3 of my close friends were hacked this month, all of them didn't have 2FA enabled on their accounts. If you do anything this week, set a day aside to enable 2FA on all your email, crypto, banking, social media accounts. Anything without 2FA is essentially an unlocked door in 2021.

Great tweet. Security is more like 2FA, highly recommended today. A lot of cyber crimes happen because some of us don't care about things like that.

Samsung has a one-handed mode. They're so close to realizing that 5.8+ phones aren't that usable without workarounds, but never quite made the connection. iPhone 12 mini arrives on Tuesday, ordered one a couple of days ago to replace my aging Samsung S8.

Then you really need to remember to block the authentication app from having notifications displayed on the lock screen.

So the vulnerability is really at the Telco you use. So if you use a Google Voice or Virtual Number they'd need to compromise that VN somehow. With that said, VN 2FA is iffy. Some providers won't allow it, or it might expire due to lack of usage. I'd recommend using app-based 2FA.

THX, I'm seriously considering buying 2 then :)

Interesting. Thanks for sharing. Such a wild west with this stuff


But I guess I'm wondering if someone at a Telco can swap a number that isn't created with the Telco? I guess maybe it is in the backend but these services allow you to buy an internet number which isn't associated (I think?) with a telco?

@stephsmithio Again to spare you the tech details, there's no security built in the telecom network. It's based on trust. Anyone working at any telco can SIMswap right now.

@stephsmithio That means your phone number you use for 2FA is now a password and nobody should ever know it.

@JFK242 Also as long as you're signed in it's fine. You can add new keys and remove keys. The only problem would be if 1) you lose your Yubikey 2) you lose your backup Yubikey 3) you lose your devices or get signed out of all of them

Genuine q re: SMS 2FA. Can someone SIM swap a phone number that doesn't have a SIM? I.e. Google Fi, Skype number, etc.?

Some institutions like Vanguard (6T under mgmt) don't have OTP, what to do?

Yeah, if they hack your 1Password they got your one-time password. Good catch.

When I was a teen I stopped my dad's Gmail getting hacked due to his office politics using 2FA.

YES and if you want to support the small guy & use my Yubico affiliate link:

What's the benefit of using Yubikey over 1Password, for example? 1Password has 2FA as well and it's an app in your phone. With Yubikey you need to carry an extra device with you, right?

Not sure if every banking has 2FA facility

Thanks. I was using the standard approve notification 2FA but now I have changed it to Authy.

Which accounts got hacked?

I used to think my teacher was weird using 2FA in 2015 but she was indeed a smart one. Obviously, she was teaching about Computer Networks.

- well at least got rid of sim swap issue

In Brazil people are stealing iPhones and bypassing FaceId & password even with 2FA bank accounts are being wiped out

Is Google Authenticator good enough? Because I have been using it for one year.

FYI: Currently you even get about 40% off if you buy a yubi security NFC key and use coupon PRIMEDAY2021 at checkout

I wish that sell identical keys pairs: One for daily use, another to be kept in safe at home.

I love my Yubikey, however I only use it in sites that support multiple multi-factor sources, as I am afraid of losing it.

In case of cookie cloning, 2FA wouldn't help, right?

Thanks for sharing! This is a personal tipping point for me on taking security seriously...is there some kind of 101 resource on how to do spring cleaning on your personal digital security?

Shit. Special note for New Zealand: COVID-19: There is currently no economy air postal service between Sweden & New Zealand. It may take _up to two months_ for your order to arrive via regular mail.

And while you're at it, start using a password manager to randomise all your passwords! Bitwarden is open source, free, and wonderful.

The security keys are quite advanced pieces of technology, but all I'm looking for is one where I can press a button and it types a 200 character generated string. In theory a device that only offered that would be cheaper, but while almost all keys support that, it's secondary.

Is there an advantage vs a normal authenticator app? I would be afraid of losing these more than with a phone which has additional protection (password or Face ID)

I've always been debating getting one but just haven't been sure, I've been using Authy for ages

Ok, you got me convinced..ordered a few too

+100. YubiKey 2FA on every important digital account is a MUST.

So what should one use?

The only feature I want in one is the static password generation, so I can use it as a physical key for my password manager and nothing else. I'd love to find a cheap one that focuses on that but it's a second-class feature for all of them, so stuck paying full price + backups

I've been buying loads of and handing them out to all my friends so they can get secure. Not sponsored, not affiliated but it's going to save them a lot of pain and lost money in the future

Also, don't use SMS 2FA. It's basically a door using this lock

True, I have 2FA almost everywhere. Does Facebook have 2FA too?

Do you mean it's possible to hack the accounts without compromising their first factor (password) as well? Or did they compromise the password via SMS somehow?

Authy feels wrong as it's still tied to just a phone number

Wouldn't simswapping bypass 2FA?

Tell that to millions of forums I used to participate on as a kid that won't let me delete my accounts or do anything with my data

For those using Authy, once everything is set up, switch off "allow multi-device" in settings.

Any more info on how they were hacked? What security measures they already take? (Like using a pwd manager)

