Skip to main content

Search

Items tagged with: password


Second Factor #SMS: Worse Than Its Reputation


Source: https://www.ccc.de/en/updates/2024/2fa-sms

IdentifyMobile, a provider of 2FA-SMS, shared the sent one-time passwords in real-time on the internet. The #CCC happened to be in the right place at the right time and accessed the data. It was sufficient to guess the subdomain "idmdatastore". Besides SMS content, recipients' phone numbers, sender names, and sometimes other account information were visible.


#news #security #internet #2fa #mobile #cybersecurity #problem #password


In today's episode of 'website security theatre' we present the US Government's "TreasuryDirect" site.

They don't just disable copy-and-paste into the password field, they disable *keyboard entry* into the password field. You are required to click buttons on this virtual keyboard in order to enter your password. Kudos to them for making high-entropy random passwords difficult to use!

Oh, and the password is also case-insensitive, probably because implementing shift-key support in the virtual keyboard would have been too complex.

#Password #SecurityTheatre
screen capture of web form with a disabled 'password' field and a large virtual keyboard.



With almost 6k instances of #mastodon I'm pretty sure some #scam is already free in the wild. Choose your instance wisely, be aware of the e-mail account you use and - as always - use a unique password.
#infosec #newtoots #password


Hallo !Friendica Support
wenn ich meine E-Mail Adresse für meinen Account ändern möchte - kann ich diese zwar eintragen, aber ich erhalte dann die Meldung "Falsches Passwort" ohne das ich eine Aufforderung zur eingabe eines Passwortes erhalten habe.

Ist die ein Bug oder habe ich da etwas übersehen?

#change #email #password #bug


If you mean "online" #password storage then yeah, #bitwarden. My family uses #passwdsafe + #syncthing (also offline) though.

By the way #nextcloud seem to have a new pwstore but haven't checked its security yet.