@fne8w2ah to TechnologyEnglish • 8 months agoSIM-swapping ring stole $400M in crypto from a US company, officials allegearstechnica.comexternal-linkmessage-square13arrow-up1114arrow-down15
arrow-up1109arrow-down1external-linkSIM-swapping ring stole $400M in crypto from a US company, officials allegearstechnica.com@fne8w2ah to TechnologyEnglish • 8 months agomessage-square13
minus-square@[email protected]linkfedilinkEnglish24•8 months agoAnd this is why smart people don’t use text message to factor authentication, if at all possible. App based OTP is much safer
minus-square@[email protected]linkfedilinkEnglish4•8 months agoExactly. I don’t have a physical key because I would want one that has open source hardware and software.
minus-square/home/pineappleloverlinkfedilinkEnglish1•edit-28 months agoI believe Solokey is a brand that makes open source hardware keys. Edit: they might only be fido 2 level 1 and not level 2 like yubikey Edit 2: apparently there’s also openkey and nitrokey so those are some more options for you.
minus-square@[email protected]linkfedilinkEnglish1•8 months agoThanks, I will check them out, though, that only being level 1 could be a problem.
minus-squarePlantObserverlinkEnglish6•8 months agoI wish the companies that decide to only allow SMS 2FA (or none at all) will fucking realize this sooner rather than later
minus-square@[email protected]linkfedilinkEnglish2•8 months agoOr at least be held liable for any losses.
And this is why smart people don’t use text message to factor authentication, if at all possible. App based OTP is much safer
And yubikey
Exactly. I don’t have a physical key because I would want one that has open source hardware and software.
I believe Solokey is a brand that makes open source hardware keys.
Edit: they might only be fido 2 level 1 and not level 2 like yubikey
Edit 2: apparently there’s also openkey and nitrokey so those are some more options for you.
Thanks, I will check them out, though, that only being level 1 could be a problem.
I wish the companies that decide to only allow SMS 2FA (or none at all) will fucking realize this sooner rather than later
Or at least be held liable for any losses.