neadreport

For those of you (like me) that are moving away from Google apps, you might like *Ente Auth* (vs. Google Authenticator)

- Open source 2FA authenticator, with end-to-end encrypted backups.
- Auth provides end-to-end encrypted cloud backups so you don't have to worry about losing your tokens. Our cryptography has been externally audited.
- Auth has an app for every platform. Mobile, desktop and web. Your codes sync across all your devices, end-to-end encrypted.

Here's a migration tip honed from my recent experience:
1) Don't use the Google export function, instead...
2) Make note of all of the websites/apps that are listed within your current Google Authenticator app.
3) Download the Ente Auth app to your phone.
4) Go to each website you noted, log in, go to your settings, select *remove 2FA*, then immediately RE-ACTIVATE 2FA on that same site. This will prompt you to scan a QR Code.
5) Open up Ente's Auth app, select the + sign AND SCAN this new QR Code, adding it now to Ente Auth.
6) Then you can go back and delete each of the Google Authenticator entries and uninstall their app.
Learn more about "Ente Auth" here: ente.io/auth/
#Authentication #Google #ente #OpenSource #Encryption #2FA #E2EE

Jan 30, 2025, 21:05 · · · 1 · 0
Anders Thoresson

Wonderful! I have now managed to lock myself out from my #Pixelfed server due to #2FA problems! 🤣

But when I gave admin access to one of the other users, she can't do any password/security changes to my account. Should there be? Or is there a command to run from CLI?

#fediverse #selfhosted

AnneTheWriter

BONUS #JOKE :
A hacker called and told me that he had all my passwords. I replied, "Thank God for that! What are they?" and grabbed a pen and some paper.

(It's #HootinTootinTuesday again! Post some jokes or funny memes under this hashtag today, and bring lots of smiles to #Mastodon.)

#Humor #Humour #FunnyMeme #Maxine #Passwords #Tech #ForgotMyPassword #ITSecurity #Hackers #Cybercrime #2FA

mvu

So I've been trying to figure out the answer to a theoretical problem: what would I do if I was in a foreign country and had my phone and laptop seized / stolen?

I'm not too concerned about the shit on them, but nowadays everything is 2FA. Even my password manager needs second factor auth on a new device, and the second factor is email which... You guessed it needs a second factor. I feel like I'm one lost device from disaster.

How do you go from zero to re-equipped with your logins without access to your own desk and devices?

Would it be insane to post an encrypted binary blob in like a public git repo? Random webpage? What encryption would be sufficient to confidentiality drop an entire password vault, ssh keys, etc into a public space?

(Encryption not my area of expertise)

#2fa #encryption #passwords #keyvault #multifactor #backups #cybersecurity

Jan 29, 2025, 04:28 · · · 3 · 0
YHANCI~1.TXT

There must have been a change somewhere in my browser or OS, or maybe it's in the supported websites, but I suddenly realised my Yubikeys weren't recognised anymore on sites where I added them for 2FA.

Currently re-adding the ones I have at home (I'll need to re-add my off-site backup key later :s).

What the fuck, though?

#2FA #yubikey

Hella

You have to do this every now and then too: spring cleaning in the password manager ... some things can be thrown away, some get a longer password, some get 2FA on top.

Did you know that, as an ordinary mortal user, you first have to request 2FA on Wikipedia?

It has been experimental since 2016 😉

de.wikipedia.org/wiki/Hilfe:Zw

(At least a good number of sensible apps for doing OTP are recommended there)

#2FA #OTP #Wikipedia

Jan 27, 2025, 12:37 · · · 0 · 0
Sebastian Müller

It is really bizarre: sometimes the work #2FA from #Microsoft arrives as an SMS on my private phone, sometimes via WhatsApp.

Kevin Veen-Birkenbach

🚀 Just implemented an OAuth2-Proxy role in CyMaIS! 🔐 Now, applications that only support LDAP or other login methods can be hidden behind a #proxy, enforcing 2FA with TOTP for extra security! 🎉

Next step? Setting up a firewall to lock down access to LDAP and other services, so they’re only reachable through a closed #VPN. 🔥🔒

Check out the role:
github.com/kevinveenbirkenbach

#DevOps #OAuth2 #TOTP #SecurityFirst #CyberSecurity #LDAP #VPN #OpenSource #Coding #Infrastructure #2FA #CyMaIS #Firewall

rob

I am—and have been for a while—going through the process of #demeta and #degoogle my life as much as I can. For reasons too numerous to mention, but you’ll be able to think of the main ones. An appraisal, so far…

#Meta

✅ Stopped using #Facebook years ago but have finally deleted all posts, photos, likes, follows, and interactions I ever had on there (going back to 2007). Batch delete was hardly “batch” so this was laborious (and I know delete isn't really delete but it felt good to see stuff disappear!)

✅ Deleted all of my photos from #Instagram. Now I just use #Pixelfed. On my phone, I use the @impressia app. The next step is to run my own, single-user instance on a #RaspberryPi at home (as I do with Mastodon) and get off pixelfed.social

❌ #WhatsApp is tricky. I'm in groups where I know I have no chance of converting everyone to an alternative platform. Cutting myself off from the herd (of IRL friends) isn't an option. Will reluctantly live with this for the time being.

✅ Don’t use Messenger; never used Threads.

#Google

✅ Switched from Google to #DuckDuckGo for search on all devices. Deleted search history in Google account.

✅ Migrated mail and calendar from Google to @fastmail. I was briefly considering either self-hosting with #Citadel or using #iCloud Mail, but Fastmail was a better option for me. Very pleased so far; thanks to @tekphloyd for sending me in the right direction!

✅ Switched from Google Authenticator to @ente Auth for #2FA

✅ No longer using Google Analytics on any personal sites; currently trialling @Matomo which is #FOSS and self-hosted.

✅ No longer using Google Fonts on any personal sites.

✅ Deleted a bunch of dormant Gmail accounts that hadn't been used in years. Will be using masked email addresses in future, so don't need these kinds of accounts.

✅ Don’t use Chrome on any device.

✅ iOS since the beginning; never used Android.

✅ Already using iCloud+ for photo library sync and any file cloud storage/mirroring, so no need for Google Photos or Drive.

✅ Still old school MS Word/Excel for me, so the various Docs apps were never needed.

❌ I don't upload any videos but I do watch a lot on #YouTube and—as with WhatsApp—I’m not willing to cut myself off; no viable alternative.

❌ #SmartHome has quite a lot of Google: home wifi mesh and voice assistant, plus #Nest cameras, doorbell, and thermostat. Hmm. TBD.

✅ And of course I left the bird site in the great migration of Nov ’22 and came here. As of 2024, I’m self-hosted so my data physically lives in my home office on a #RPi with full and incremental backups running to an external disk. Planning to upgrade from SD card to SSD in 2025.

Happy with my progress so far! 👍

N.B. I have my reasons for not completely deleting some of the above accounts; they will remain dormant.

Jan 26, 2025, 14:18 · · · 2 · 0
TagHunt

@markwyner

--- [ I mistook passkeys for hardware keys, scroll for my comment on actual passkeys not hardware keys ] ---

When using hardware keys it's best to keep multiple. That way if one is lost you can use the spare.
One you use as your regular and the other one in cold storage.

Or use one of those authentication apps.

Whether it's better than passwords depends on your specific use case.
If you're in a space where shoulder surfing is a possibility I'd go for a passkey on a leash. Or if you're at home for convenience.

Passwords are best when used with a password manager like #keepassxc

I personally use a combination. Hardware keys are a dream for #2fa but I still use passwords plenty

--- [ (software)passkeys ] ---

For passkeys I'd wait a bit. Support is still shoddy and inconsistent imo. There are some applications like KeepassXC that have decent support. Although that doesn't fix the site-side of things.

Personally I'd stay with passwords because #ItJustWorks
Get yourself a password manager

Like @toddz said, in theory they're decent but in practice not really worth the effort

Jan 26, 2025, 11:42 · · · 0 · 0
D. Creemer

Is there any decent US #bank that offers real #2fa where I can disable SMS? The #BofA app has become mostly ads and is getting less usable…. I know about (and use) Credit Unions - please let me know about a bank

Erik van Straten

@Tarah : MFA sucks. Alex Weinert wrote in _2019_, in techcommunity.microsoft.com/t5:

A few days ago, our team helped someone who had been a target of account takeover (ATO). Despite protecting the account with mandatory two-step verification using SMS and the Authenticator app, attackers had broken into the account and changed the password.

MFA had failed.

Every idiot can now hire an "Evil Proxy" service (using EvilGinx2 or similar).

Watch the animated GIFs in phishify.nl/phishing-blog/aitm (such as phishify.nl/img/aitm-phishing.).

We need to fix the web (infosec.exchange/@ErikvanStrat) instead of hanging on to old and failing (heise.de/en/news/Microsoft-Pro) technology with flawed implementations (usenix.org/conference/usenixse).

And we need better passkeys (infosec.exchange/@ErikvanStrat).

@dangoodin
@conorgil

#MFA #2FA #AitM #MitM #EvilGinx2 #FakeWebsites #FakeVPNLogins

lars

Am I just not finding it, or does #Apple really not support #TOTP-#2FA for the Apple #Account? 😬

I am only being offered phone/SMS 2FA...

Biorreactivo

Good morning, lovely people of Mastodon.
I wanted a 2FA (two-step authentication) app that is FOSS and works on MacOS (desktop). My uni only suggests one from the Store, closed-source and with "in-app purchases".
Any suggestion will be appreciated.
#2FA #MacOS #FOSS

Michael Simons

Everybody who is happy about #Garmin having rolled out #ECG in the #EU and has now #2fa enabled in their account but still want to script a thing or two with #JWT and #Bearer from the site, rejoice… My login script can now deal with that, too… Love #curl and #jq

github.com/michael-simons/garm

Now I wait for a new firmware for my watch, because I'm on a beta on which ECG is disabled, lol…

Saupreiss #Präparat500

Also keep #Passwortmanager, #2fa and #Passkeys in mind here. For critical things, the phone is to be considered compromised.