Discover and read the best of Twitter Threads about #2fa

Most recents (13)

When my @EFF colleague Alexis Hancock signed her baby up for daycare, she had to download a childcare management app - to monitor and specify "feedings, diaper changes, pictures, activities, and which guardian picked-up/dropped-off the child."… 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on, my surveillance-free, ad-free, tracker-free blog:… 2/
This was during the lockdown, and the app was a way to comply with social distancing and contact tracing rules, but it was also designed to help with "separation anxiety of newly enrolled children and their anxious parents." 3/
Read 38 tweets
Beware, here is how WhatsApp accounts are getting hacked.

(A Thread)
First, you receive a call from the attacker who will convince you to make a call to the following number **67*<10 digit number> or *405*<10 digit number>.

Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account.

What is happening here? The number you have dialed is a service request for Jio and Airtel to do "call forwarding" when your number is busy/engaged. The attacker tricked you into call forwarding your calls to a number they own when you are busy.

Read 10 tweets
At #disruptedtimes22, @johnnyryan says even tech giants don't know what they do with data (shades of Amazon's multiple scandals).

This is where #PurposeLimitation comes in. The #GDPR bans e.g. reusing phone numbers gathered for #2fa to target ads.
If one company is acquiring another, a regulator could compel both firms to disclose every single use they make of PII, and then analyze 'what happens when those two spreadsheets have a baby'
Purpose limitation is Big Tech kryptonite, and the DMA strengthens it, allowing the EU to pursue cases where national governments e.g. Eire won't
Read 5 tweets
#NoCode #buildinpublic

Many people think that free #OpenSource software is only for #Linux.

But I use a lot of #FOSS software on my @Microsoft #Windows desktop that I'd be lost without!

These are some of my faves!

25+ FOSS Tools to Improve Your Windows Experience 🧵 👇
7-Zip (@7zip)

Great archiver supporting


Unpacking only:
Audacity (@getaudacity)

If you need to perform some audio editing, Audacity is a huge help. I often use it when fixing audio for a video or converting a recording for use in a phone system menu.

Tons of features & useful tools!
Read 28 tweets
There are a lot of #Security Issues in the #NFT Ecosystem & #NFTs marketplaces (NFTMs)

1/ When using a password-based authentication workflow, there is no #2FA (two-factor authentication)
2/ there is no support #hardwarewallet
3/ The #smartcontracts of NFTMs must be #opensource and/or provide results of security #Audit
Read 18 tweets
Today on #DataPrivacyDay, @SFLCin is bringing you some tips and quick fixes to help protect your privacy online.
#DataPrivacyDay2021 #PrivacyAware #privacy #cybersafety #dataprivacy
We as a generation use #SocialMedia almost obsessively. Most of us have accounts on social media websites like #Facebook, #Instagram & #Twitter.
#SocialSecurity #cybersecuritytips #PrivacyAware
We also keep hearing about various #Hacking, #Phishing attempts and in times like these it is important to understand the basics of social media privacy settings to secure yourself from such attempts.
Read 14 tweets
1/ Solving the root cause of #GoldenSAML attacks, recently used in #Sunburst attacks.
Don't scale security "UP", burying #SAML's private key deeper in HSM,
scale it "OUT": distribute it w/ modern crypto (#TSS #MPC)+ service architecture, as we do for #cryptocurrency @ZenGo
2/ Advanced attackers (#APT) steal long term secrets ("the stamp") that allow them to issue access tokens and thus access all services in victims' environment, bypassing all security, including multi-factor auth (#MFA,#2FA)
3/ @CISAgov recommends protecting such secrets with hardware (HSM), but this solution is not always feasible, does not scale well and is susceptible to vulnerabilities especially when facing #APT attackers (hence: "aggressively updated")…
Read 8 tweets
Thread of #SeguridadDigital resources 👨‍💻🛡️ for the journalists, activists and #DDHH defenders who will be covering the electoral farce of the dictatorship and its accomplices tomorrow, #6D. 👇🧵
Before heading out to cover it, turn on 2-step verification on your email and social media accounts. In this and the next 3 tweets I'll leave links with the steps you need to follow to do so 🔐 #2FA

How to set up 2-step verification on Twitter:
How to set up 2-step verification on your Google account:
Read 15 tweets
#TPRM #IAM #authentication #2FA 
Thoughts on a possible quick-win when it comes to reducing potential unauthorized access by third-party personnel that have approved access to your systems (be they on-prem or cloud)
Fact - Most organizations have a valid need to provide access for third-party personnel to their systems for one or the other reason
Unfortunate Reality - 3rd parties don't always let their customers (you) know when one of their people that has access to a customer system departs their employment. They may not even realize the user had access to your system(s)
Read 7 tweets
Yesterday we published a deep dive on Saud al-Qahtani.

Who is he? Since October 2018, he has been known as the "mastermind" of the #Khashoggi murder.

He is one of #MBS's top aides and has been described as the Saudi crown prince's enforcer and chief propagandist.
Al-Qahtani is also known as the "Lord of the Flies" — "flies" are what Saudi dissidents call trolls and bots that relentlessly attack critics of the Saudi state on social media.

They send death threats. They wage disinformation campaigns.…
Al-Qahtani has personally launched harassment campaigns against critics of the Saudi regime.

In August 2017, he launched a hashtag that translates to #the_black_list in English — it threatened dissidents that they would be "followed" if tagged.
Read 17 tweets
Special session of the Digital Committee in the #Bundestag, today in the Budget Committee's room, so there are thick stacks of documents lying around everywhere. Alongside authorities such as the BSI, BMI and BKA, Twitter, FB, Google and GMX are also here to answer our questions about the #Hackerangriff and #Datenklau.
#Facebook: "During the 2017 Bundestag election campaign we urged all candidates to set up two-factor authentication; unfortunately only 2.1% actually did so. We may tie candidate verification for #EUWahl2019 to setting up #2FA". #hackerangriff #Datenklau #btADA
Facebook: "We identified and blocked 350 URLs in connection with the #Hackerangriff, removed content, shared information with the BSI" #datenklau #btAdA
Read 16 tweets
Truth! SMS is not a secure #2fa channel for Instagram or any service; and I've just switched what I could to @Authy. Read up on these #simhijacking #portoutscam hacks (and how to mitigate risk) with this great series by @lorenzofb for @Motherboard:…
For its part, @Instagram is rolling out support for third-party #2FA authentication code apps now (like @Authy or Google Authenticator), as an alternative to SMS. I've been checking my Settings > Two-Factor screen relentlessly!…
Because, as @lorenzofb reports, carrier insiders are helping scammers take over phone SIMs even when you add account PINs, I wonder whether using SMS for #2FA is better than no 2FA at all. #simhijacking is relatively rare, so for most folks I think it is.…
Read 4 tweets
Mommy, Why is There a Server in the House?
Do you know
what a server is?
I bet you do!

A server is
a funny-looking box.
It makes friends with computers!

Big people have a server at the "office".
The office is a boring place
where big people go and do boring things.

Read 21 tweets
