Mysk🇨🇦🇩🇪

Google Authenticator still syncs two-factor authentication secrets without E2EE. If you enable cloud syncing, this means:

1️⃣ Google can read the secrets and generate one-time passwords for your accounts
2️⃣ Google knows the services you use
3️⃣ #Google knows your usernames
4️⃣ Given a court order, Google is obliged to hand over this data to law enforcement

#Privacy #privacymatters #CyberSecurity #infosec
defcon.social/@mysk/1102623132

1+
Christoph Schmees

@mysk
I for one would NEVER use #Google Auth. I would NEVER use Google for anything relevant for #security or #privacy. I would NEVER use Google at all. I refuse to correspond to gmail. And so forth.

1
dbread
Follow

@PC_Fluesterer @mysk I'm with you here. I tried to explain this to our HR department that there exist people who want to and can live without . Got weird responses.

· · 1 · 0 · 2
Christoph Schmees

@dbread @mysk Could you cite the best of them? Many thanks! 😀

1
dbread

@PC_Fluesterer @mysk Basically: "There are no such people. Not in the business world."

But I am a people (should have been my response)

0
Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.

Trending now

Resources

Developers

What is Mastodon?

qoto.org

More…