![]() ![]() #CyberSecurity #InfoSec #MFA #2FA #TOTP #Microsoft #Twitter #Google #FIDO #Privacy #Espionage #IntelligenceĪn update on two-factor authentication using SMS on Twitter Personally I would recommend people hardware tokens like Yubico Yubikey to secure your precious accounts with modern protocols like FIDO. Yet it is to be verified how they handle data.Įspecially as they force people to a cloud based subscription model - I remain sceptic. Ĭertain password managers, like 1Password, also offer TOTP capabilities. Google authenticator apparently sends no data and should be a valid option. ![]() This is not only a privacy but also a security problem. ![]() , while others send PII tied to the used service. Some apps even send the scanned secret token back to their developers. For example Microsoft Authenticator app sends service and device specific information - even when the analytics feature is turned off. However one should be careful as not every of these apps is privacy aware. Many now suggest to use the TOTP based MFA feature - it is this 6 digit code that is constantly changing. SMS is an inherently insecure feature, which became painstakingly obvious as a Swiss company allegedly sold their services to spy on people. Twitter users would need a paid subscription to continue using SMS. Last week #Twitter announced that SMS based MFA will no longer be available for free users - but TOTP apps might spy on you. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |