• @[email protected]
    link
    fedilink
    English
    285 months ago

    What confuses me is even a half-competent audit and pentest would absolutely have found an api endpoint that’s going to absolutely leak customer data, so the assumption I have to make is that, yet again, a “security” company can’t be fucked to do the bare minimum to ensure their security shit is you know, secure.

    • @LordKitsuna
      link
      English
      85 months ago

      Posting this against your comment for visibility, I would recommend anyone that was using authy switch to bitwarden’s dedicated 2F authentication app. The company maintains several security compliance certificates and fairly regularly gets audited which they post publicly at https://bitwarden.com/help/is-bitwarden-audited/

      • @[email protected]
        link
        fedilink
        English
        35 months ago

        Oh neat. I use their password manager but totally somehow missed them releasing a separate 2fa app.