|
yeah, you might have to disable 2fa to remove your mobile, then re-enable it. I forget the flow, it was different when I did it
|
#
?
Jul 8, 2017 20:21
|
|
|
|
| # ? May 14, 2024 01:38 |
|
|
Subjunctive posted:yeah, you might have to disable 2fa to remove your mobile, then re-enable it. I forget the flow, it was different when I did it as ofright now, you can't do this. If you want to set up 2fa, it has to be SMS, and you can add something else, but SMS will always have to be active.
|
|
#
?
Jul 8, 2017 20:34
|
|
|
Progressive JPEG posted:I have facebook 2fa enabled with totp/gauth. They still send me sms codes and the sms codes still work. Afaict there's no way to just have totp 2fa. top of the pops 2fa? so you have to mime playing an instrument? :P
|
|
#
?
Jul 8, 2017 21:01
|
|
|
Chris Knight posted:top of the pops 2fa? so you have to mime playing an instrument? :P
|
|
#
?
Jul 8, 2017 21:06
|
|
|
yeah fb can't do normal totp without a phone any more, i got caught out by this recently, it's lame
|
|
#
?
Jul 8, 2017 22:58
|
|
|
not that 2fa over sms isn't still poo poo but maybe the telco oughta be picking up on the fact that someone's tried to reset your password 219 times in the last hour and a half physically going to the rogers store to unlock my phone is simple because the drat things are everywhere, i wonder if i can just have them forbid anything over the phone other than "i lost my phone cause i'm a moron, brick it pls"
|
|
#
?
Jul 8, 2017 23:10
|
|
|
flakeloaf posted:not that 2fa over sms isn't still poo poo but maybe the telco oughta be picking up on the fact that someone's tried to reset your password 219 times in the last hour and a half you can set a verbal password on most carriers so that if someone were to be like "lol cancel my service" then "lol i'm op and now i use this other service send me lovely 2f texts", they'd have to give the verbal password or show an id at the carrier's store.
|
|
#
?
Jul 8, 2017 23:49
|
|
|
my voice is my passport
|
|
#
?
Jul 8, 2017 23:51
|
|
|
Rufus Ping posted:yeah fb can't do normal totp without a phone any more, i got caught out by this recently, it's lame
|
|
#
?
Jul 8, 2017 23:57
|
|
|
maskenfreiheit posted:you can set a verbal password on most carriers so that if someone were to be like "lol cancel my service" then "lol i'm op and now i use this other service send me lovely 2f texts", they'd have to give the verbal password or show an id at the carrier's store. Popup note on your customer file that a rep may or may not even read, easy to socially engineer your way past because people genuinely want to be helpful.
|
|
#
?
Jul 8, 2017 23:59
|
|
|
yeah it disables itself when you remove your phone number
|
|
#
?
Jul 8, 2017 23:59
|
|
|
Rufus Ping posted:yeah it disables itself when you remove your phone number ah! i did not see the nuance. sorry. i thought you meant the mobile app. that's bad. it'll be susceptible to the hoodwinked carrier csr thing then.
|
|
#
?
Jul 9, 2017 00:06
|
|
|
James Baud posted:Popup note on your customer file that a rep may or may not even read, easy to socially engineer your way past because people genuinely want to be helpful. jennifer joy secured her toy and zachary zugg helped breach it wanna be helpful? don't let anyone who isn't me feel free to be me
|
|
#
?
Jul 9, 2017 00:11
|
|
|
flakeloaf posted:jennifer joy I'd say the real trick is to have "not your real name" on your phone account. Prepaid in a relative's or just totally fake name. I don't do it, but I've considered it.
|
|
#
?
Jul 9, 2017 00:23
|
|
|
Y'all sound so depressed and cynical about every method of protecting user data like login credentials. If 2fa using my phone isn't going to keep my neopets account safe what is?
|
|
#
?
Jul 9, 2017 09:53
|
|
|
I use antifa on all my accounts
|
|
#
?
Jul 9, 2017 09:56
|
|
|
using a 2fa code tattooed to your dick
|
|
#
?
Jul 9, 2017 10:00
|
|
|
get ready for drm on html5 video https://www.eff.org/deeplinks/2017/07/amid-unprecedented-controversy-w3c-greenlights-drm-web
|
|
#
?
Jul 9, 2017 10:16
|
|
|
spankmeister posted:I use antifa on all my accounts preparing for imac pro eh?
|
|
#
?
Jul 9, 2017 10:17
|
|
|
cinci zoo sniper posted:if you ever say it "zero day" to a british person you'll be laughed out into the loving oblivion. do you also "zero" when dictating a phone number with 0 in it? i am a british person who says "zero day"
|
|
#
?
Jul 9, 2017 10:22
|
|
|
Mr SuperAwesome posted:i am a british person who says "zero day" zero really?  but yeah thread opinions and my limited experiences are different things. not that it matters much, im just more and more curious how oh-day hasn't seen broader, i guess, adoption due to being easier and shorter to say while retaining the clarity of meaning
|
|
#
?
Jul 9, 2017 10:26
|
|
|
Mr SuperAwesome posted:i am a british person who says "zero day" GET HIM
|
|
#
?
Jul 9, 2017 10:26
|
|
|
if you say anything else than "zero day" you should probably not be in this kind of business
|
|
#
?
Jul 9, 2017 10:28
|
|
|
geonetix posted:if you say anything else than "zero day" you should probably not be in this kind of business thankfully im a financial analyst  just interested in reading and talking about dangerous computers
|
|
#
?
Jul 9, 2017 10:31
|
|
|
obviously SMS 2FA is bad, but if you're using gauth/totp whatever and lose your phone, what then?
|
|
#
?
Jul 9, 2017 10:35
|
|
|
Mr SuperAwesome posted:obviously SMS 2FA is bad, but if you're using gauth/totp whatever and lose your phone, what then? i mean, how different is it from loosing phone with sms 2fa, or do your carriers restore stolen numbers?
|
|
#
?
Jul 9, 2017 10:37
|
|
|
cinci zoo sniper posted:i mean, how different is it from loosing phone with sms 2fa, or do your carriers restore stolen numbers? they do, but the attack surface with sms 2fa is not stolen phones according to the defcon folk on that note at work we had our first official mention of APT this week; achievement unlocked!
|
|
#
?
Jul 9, 2017 10:38
|
|
|
Maximum Leader posted:using a 2fa code tattooed to your dick Well that would guarantee security via obscurity, but I don't know if three characters would be secure enough....
|
|
#
?
Jul 9, 2017 10:41
|
|
|
Mr SuperAwesome posted:obviously SMS 2FA is bad, but if you're using gauth/totp whatever and lose your phone, what then? pretty much every 2fa scheme ive seen has a set of recovery codes you can print off, so do that?
|
|
#
?
Jul 9, 2017 10:47
|
|
|
Mr SuperAwesome posted:obviously SMS 2FA is bad, but if you're using gauth/totp whatever and lose your phone, what then? like how is this even a question
|
|
#
?
Jul 9, 2017 11:00
|
|
|
cinci zoo sniper posted:i mean, how different is it from loosing phone with sms 2fa, or do your carriers restore stolen numbers? where are you, if I might ask, that losing your phone means getting a new phone number?
|
|
#
?
Jul 9, 2017 11:20
|
|
|
Subjunctive posted:where are you, if I might ask, that losing your phone means getting a new phone number? latvia. a significant portion of population uses prepaid for which im far from certain about the possibility to restore number in the case of theft. with contract plans that should of course be possible
|
|
#
?
Jul 9, 2017 11:23
|
|
|
Mr SuperAwesome posted:obviously SMS 2FA is bad, but if you're using gauth/totp whatever and lose your phone, what then? My phone broke so I emailed the company and asked them to turn off 2fa and they did it no questions asked. lol
|
|
#
?
Jul 9, 2017 12:18
|
|
|
"Zero" is a number. "Oh" is just a digit. It isn't called "0-day" because you have oh days to patch it.
|
|
#
?
Jul 9, 2017 12:35
|
|
|
Beverly hills nine zero two one zero
|
|
#
?
Jul 9, 2017 12:45
|
|
|
By the way the plural is zeroes day
|
|
#
?
Jul 9, 2017 12:47
|
|
|
spankmeister posted:By the way the plural is zeroes day argh
|
|
#
?
Jul 9, 2017 13:21
|
|
|
well SMS 2fa saved the day for me I guess. Thanks Microsoft.
|
|
#
?
Jul 9, 2017 13:33
|
|
|
spankmeister posted:By the way the plural is zeroes day it's pronounced jeeroes day
|
|
#
?
Jul 9, 2017 14:09
|
|
|
|
| # ? May 14, 2024 01:38 |
|
|
Google makes you add a phone number before turning on 2fa because extensive UX research has shown that users are too stupid not to gently caress it all up and lock themselves out of their account. You can remove the phone number later if you're a l33t power user, but that's probably the motivation for other sites requiring a phone number association when using 2fa.
|
|
#
?
Jul 9, 2017 14:26
|
|
