eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

215
active users

#multifactorauthentication

0 posts0 participants0 posts today
Redhotcyber<p>Io non ho mai usato l'antivirus... lo sapete perché? Perché il mio sistema operativo è superiore! È... ehm... oddio, aspetta che si è bloccato tutto mentre aprivo il SUDO.</p><p><a href="https://mastodon.bida.im/tags/redhotcyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redhotcyber</span></a> <a href="https://mastodon.bida.im/tags/meme4cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meme4cyber</span></a> <a href="https://mastodon.bida.im/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.bida.im/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://mastodon.bida.im/tags/hacker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacker</span></a> <a href="https://mastodon.bida.im/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.bida.im/tags/infosecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosecurity</span></a> <a href="https://mastodon.bida.im/tags/quotes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>quotes</span></a> <a href="https://mastodon.bida.im/tags/meme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meme</span></a> <a href="https://mastodon.bida.im/tags/comica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>comica</span></a> <a href="https://mastodon.bida.im/tags/vignette" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vignette</span></a> <a href="https://mastodon.bida.im/tags/citazioni" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>citazioni</span></a> <a href="https://mastodon.bida.im/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://mastodon.bida.im/tags/sicurezzainformatica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sicurezzainformatica</span></a> <a href="https://mastodon.bida.im/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.bida.im/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.bida.im/tags/awareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>awareness</span></a> <a href="https://mastodon.bida.im/tags/meme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meme</span></a> <a href="https://mastodon.bida.im/tags/memetime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>memetime</span></a> <a href="https://mastodon.bida.im/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.bida.im/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://mastodon.bida.im/tags/MultifactorAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultifactorAuthentication</span></a> <a href="https://mastodon.bida.im/tags/DigitalSafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalSafety</span></a> <a href="https://mastodon.bida.im/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.bida.im/tags/ITHumor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITHumor</span></a> <a href="https://mastodon.bida.im/tags/BetterSafeThanSorry" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BetterSafeThanSorry</span></a> <a href="https://mastodon.bida.im/tags/PasswordAddio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswordAddio</span></a> <a href="https://mastodon.bida.im/tags/AwarenessWithASmile" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AwarenessWithASmile</span></a></p>
Europe Says<p><a href="https://www.europesays.com/2174018/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2174018/</span><span class="invisible"></span></a> Unusually patient suspected Russian hackers pose as State Department in ‘sophisticated’ attacks on researchers <a href="https://pubeurope.com/tags/Academia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Academia</span></a> <a href="https://pubeurope.com/tags/ApplicationSpecificPasswords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ApplicationSpecificPasswords</span></a> <a href="https://pubeurope.com/tags/apt29" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apt29</span></a> <a href="https://pubeurope.com/tags/CitizenLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CitizenLab</span></a> <a href="https://pubeurope.com/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a> <a href="https://pubeurope.com/tags/GoogleThreatIntelligenceGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleThreatIntelligenceGroup</span></a> <a href="https://pubeurope.com/tags/KeirGiles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeirGiles</span></a> <a href="https://pubeurope.com/tags/MultiFactorAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiFactorAuthentication</span></a>(mfa) <a href="https://pubeurope.com/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a></p>
Redhotcyber<p>🔐 L’era delle password è finita.</p><p><a href="https://mastodon.bida.im/tags/redhotcyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redhotcyber</span></a> <a href="https://mastodon.bida.im/tags/meme4cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meme4cyber</span></a> <a href="https://mastodon.bida.im/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.bida.im/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://mastodon.bida.im/tags/hacker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacker</span></a> <a href="https://mastodon.bida.im/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.bida.im/tags/infosecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosecurity</span></a> <a href="https://mastodon.bida.im/tags/quotes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>quotes</span></a> <a href="https://mastodon.bida.im/tags/meme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meme</span></a> <a href="https://mastodon.bida.im/tags/comica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>comica</span></a> <a href="https://mastodon.bida.im/tags/vignette" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vignette</span></a> <a href="https://mastodon.bida.im/tags/citazioni" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>citazioni</span></a> <a href="https://mastodon.bida.im/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersec</span></a> <a href="https://mastodon.bida.im/tags/sicurezzainformatica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sicurezzainformatica</span></a> <a href="https://mastodon.bida.im/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.bida.im/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.bida.im/tags/awareness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>awareness</span></a> <a href="https://mastodon.bida.im/tags/meme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meme</span></a> <a href="https://mastodon.bida.im/tags/memetime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>memetime</span></a> <a href="https://mastodon.bida.im/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.bida.im/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> <a href="https://mastodon.bida.im/tags/MultifactorAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultifactorAuthentication</span></a> <a href="https://mastodon.bida.im/tags/DigitalSafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalSafety</span></a> <a href="https://mastodon.bida.im/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://mastodon.bida.im/tags/ITHumor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITHumor</span></a> <a href="https://mastodon.bida.im/tags/BetterSafeThanSorry" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BetterSafeThanSorry</span></a> <a href="https://mastodon.bida.im/tags/PasswordAddio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswordAddio</span></a> <a href="https://mastodon.bida.im/tags/AwarenessWithASmile" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AwarenessWithASmile</span></a></p>
Nebraska.Code<p>Kunle Adeleke presents 'Securing your workload with a modern customer identity and access management (CIAM) - Amazon Cognito' July 25th at Nebraska.Code().</p><p><a href="https://nebraskacode.amegala.com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">nebraskacode.amegala.com/</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/AmazonCognito" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AmazonCognito</span></a> <a href="https://mastodon.social/tags/AccessManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AccessManagement</span></a> <a href="https://mastodon.social/tags/multifactorauthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>multifactorauthentication</span></a> <a href="https://mastodon.social/tags/Nebraska" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nebraska</span></a> <a href="https://mastodon.social/tags/SeamlessIntegration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SeamlessIntegration</span></a> <a href="https://mastodon.social/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Technology</span></a> <a href="https://mastodon.social/tags/TechConference" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechConference</span></a> <a href="https://mastodon.social/tags/userauthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>userauthentication</span></a> <a href="https://mastodon.social/tags/passwordlesslogin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordlesslogin</span></a> <a href="https://mastodon.social/tags/adaptiveauthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>adaptiveauthentication</span></a> <a href="https://mastodon.social/tags/CIAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIAM</span></a> <a href="https://mastodon.social/tags/compromisedcredentialsdetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>compromisedcredentialsdetection</span></a><br><a href="https://mastodon.social/tags/techworkload" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>techworkload</span></a> <a href="https://mastodon.social/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AWS</span></a> <a href="https://mastodon.social/tags/softwaredevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softwaredevelopment</span></a> <a href="https://mastodon.social/tags/softwareengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softwareengineering</span></a></p>
Bytes Europe<p>What Every Business Needs To Know About Multi-Factor Authentication <a href="https://www.byteseu.com/1008688/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/1008688/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a> <a href="https://pubeurope.com/tags/CybersecurityStrategies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersecurityStrategies</span></a> <a href="https://pubeurope.com/tags/MultiFactorAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiFactorAuthentication</span></a> <a href="https://pubeurope.com/tags/OrganizationalResilience" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OrganizationalResilience</span></a></p>
Europe Says<p><a href="https://www.europesays.com/1805586/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/1805586/</span><span class="invisible"></span></a> Data breaches continued to surge in 2024, new report shows <a href="https://pubeurope.com/tags/BreachNotifications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BreachNotifications</span></a> <a href="https://pubeurope.com/tags/ConsumerProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConsumerProtection</span></a> <a href="https://pubeurope.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://pubeurope.com/tags/Data" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Data</span></a> <a href="https://pubeurope.com/tags/DataBreaches" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreaches</span></a> <a href="https://pubeurope.com/tags/IdentityTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IdentityTheft</span></a> <a href="https://pubeurope.com/tags/MaineLaw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MaineLaw</span></a> <a href="https://pubeurope.com/tags/MultiFactorAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiFactorAuthentication</span></a> <a href="https://pubeurope.com/tags/StolenCredentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StolenCredentials</span></a></p>
Europe Says<p><a href="https://www.europesays.com/1804228/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/1804228/</span><span class="invisible"></span></a> Data breaches continued to surge in 2024, new report shows <a href="https://pubeurope.com/tags/BreachNotifications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BreachNotifications</span></a> <a href="https://pubeurope.com/tags/ConsumerProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConsumerProtection</span></a> <a href="https://pubeurope.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://pubeurope.com/tags/Data" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Data</span></a> <a href="https://pubeurope.com/tags/DataBreaches" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreaches</span></a> <a href="https://pubeurope.com/tags/IdentityTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IdentityTheft</span></a> <a href="https://pubeurope.com/tags/MaineLaw" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MaineLaw</span></a> <a href="https://pubeurope.com/tags/MultiFactorAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiFactorAuthentication</span></a> <a href="https://pubeurope.com/tags/StolenCredentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StolenCredentials</span></a></p>
ティージェーグレェ"GitHub noreply@github.com<br><br>Fri, Dec 13, 7:12 PM (12 hours ago)<br><br>to me<br><br>Hey [redacted]!<br><br>We're reaching out to let you know that, as announced last year, we have officially begun requiring users who contribute code on GitHub.com to have two-factor authentication (2FA) enabled.<br><br>Your account meets this criteria, and you will need to enroll in 2FA within 45 days, by January 27th, 2025 at 00:00 (UTC). After this date, your access to GitHub.com will be limited until you enroll in 2FA. Enrolling is easy, and we support several options, starting with TOTP apps and text messages (SMS) and then adding on passkeys and the GitHub Mobile app."<br><br>Fucking GitHub.<br><br>It's <i>not</i> 2FA.<br><br>2FA is <i>two</i> factors.<br><br>A <i>username</i> and a <i>passphrase</i> are <i>already</i> <i>two</i> factors!<br><br>Also see: Citadel BBSes, where they only asked for a passphrase (one factor authentication).<br><br>Well, unless SysOps turned on "paranoid mode" which then prompted for a username <i>and</i> a passphrase, thus: TWO factor authentication.<br><br>Whatever bull it.sh GitHub is on about <i>again</i> is MFA (Multi-Factor Authentication) but they're too fucking <i>stupid</i> to use the correct terminology and since they were bought by Micro$oft they're <i>never</i> going to get smarter, only <i>dumber</i>.<br><br>I remember dealing with something similar from them a year or two ago?<br><br>I enumerated, I <i>think</i> as many as six, possibly <i>seven</i> different authentication factors?<br><br>As it stands:<br><br>1. username<br>2. passphrase<br>3. often (but not always) when attempting to login from a different IP/browser/whathaveyou it will send a "Verification Code" to the associated email address (so at least three, but maybe 4 depending on how you count)<br>4. SSH keys. When I checkout/clone a repository/branch/fork and push changes, it prompts me for an SSH key.<br>5. My SSH keys are also passphrase protected.<br>6. Passkeys are an option (apparently, I feel as if since I am already using no fewer than 4-5 authentication factors, adding 6 is starting to get <i>fucking idiotic</i>).<br>7. TOTP options? (That requires like: an <i>app</i> or a physical dongle/token, and apps also require phones, so that's really more like 8)<br>8. SMS/text messages aka Phone numbers (which also require a phone and a subscription/service so maybe more like 9) Moreover, given that EVEN THE FBI is recommend people STOP USING TEXT MESSAGES? THIS HAS TO BE THE FUCKING STUPIDEST IDEA EVER!<br><br>What was wrong with just sending a verification code to an SMTP address during login attempts like you have <i>already</i> been doing for <i>fucking years</i>?<br><br>I <i>hate</i> GitHub.<br><br>If you <i>don't</i> hate GitHub, I think: maybe you aren't experienced enough to understand why anyone would <i>hate</i> them.<br><br>But great, now I have 45 days to jump through some more bull it.sh because GitHub is staffed by absolute <i>morons</i> apparently.<br><br>Or maybe GitHub has been replaced by an LLM which can't count above <i>two</i>? Maybe that would explain it and their absolutely atrocious demeaning of terminology when more accurate terminology has existed for an awfully long time already.<br><br>Of course, GitHub aren't the only morons to misuse the phrase 2FA when they should be using the phrase MFA; but I don't tend to encounter the other morons insisting I enable 2FA when I am <i>already</i> using at <i>least</i> 4 authentication factors in any given code modification with their shitty hosted proprietary DVCS.<br><br><a href="https://snac.bsd.cafe?t=github" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> <a href="https://snac.bsd.cafe?t=2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> <a href="https://snac.bsd.cafe?t=mfa" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://snac.bsd.cafe?t=multifactorauthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#MultiFactorAuthentication</a> <a href="https://snac.bsd.cafe?t=githubcannotcount" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHubCannotCount</a> <a href="https://snac.bsd.cafe?t=securitytheater" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityTheater</a> <a href="https://snac.bsd.cafe?t=bullshit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bullshit</a><br>
Fabian ¯\_(ツ)_/¯<p>Das <a href="https://chaos.social/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> Setup bei <a href="https://chaos.social/tags/GitLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitLab</span></a> ist ja auch bescheuert. Hardware tokens (yubikeys und so) kannst du beliebig viele einrichten, <a href="https://chaos.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOTP</span></a>-authenticator nur einen. Wäre ja kein Problem, aber wenn du den TOTP-Authenticator neu einrichten willst (zb. weil das Smartphone wo er drauf war eingegangen ist) musst du mfa komplett deaktivieren (und damit auch *alle* hardware tokens entfernen), um dann alles wieder neu zu registrieren..</p><p>Wer hat sich diesen Schmarren ausgedacht?</p><p><a href="https://chaos.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://chaos.social/tags/MultiFactorAuthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiFactorAuthentication</span></a></p>
netrom<p>With it being <a href="https://infosec.exchange/tags/BlackFriday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackFriday</span></a> and all, I hope nobody is caught up in scams or phishing attacks while doing their (frantic!) online <a href="https://infosec.exchange/tags/shopping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shopping</span></a>.</p><p>Here are a few <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> and <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> tips that I hope will help somebody:</p><p>1) If you have a coupon code, don't follow a provided link to the shopping page. Instead find the page yourself, e.g., via a <a href="https://infosec.exchange/tags/searchengine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>searchengine</span></a>, and then input the coupon code manually.</p><p>2) Access online shops without being logged in, and without any <a href="https://infosec.exchange/tags/cookies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cookies</span></a>, such that the shop cannot set prices according to <a href="https://infosec.exchange/tags/personaldata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>personaldata</span></a> or previous purchases (yes, they do that). Except, of course, if the discount is only available when actually having an account. Attempt anonymously first.</p><p>3) An improvement to 2) is accessing online shops via <a href="https://infosec.exchange/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> or similar. </p><p>4) Use a <a href="https://infosec.exchange/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a> such that <a href="https://infosec.exchange/tags/ISPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ISPs</span></a> and other adversaries cannot obtain or spoof information. It also protects your data, like credit card info, if you are using public a <a href="https://infosec.exchange/tags/WiFi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WiFi</span></a> (never do that without VPN).</p><p>5) As corollary to 4) you can even sometimes get discounts by using a different location than your own.</p><p>6) Use a <a href="https://infosec.exchange/tags/passwordmanager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordmanager</span></a> for your credentials such that they can be longer and harder to guess/crack. This also means you don't have to remember (or even know) them by heart.</p><p>7) Setup <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> for your accounts such that, together with 6), it is harder for adversaries to break in and steal data and/or make automated purchases on your behalf if possible. It is highly advisable using an authenticator app instead of code-by-SMS. For further protection, you can even use <a href="https://infosec.exchange/tags/biometrics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>biometrics</span></a>, like <a href="https://infosec.exchange/tags/fingerprints" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fingerprints</span></a> or facial scans. And/or a hardware device supporting <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a>/#U2F or similar.</p><p>Note that these tips are applicable also when not shopping, and I would encourage them all.</p><p>Stay safe and have an awesome Friday!</p><p><a href="https://infosec.exchange/tags/mastodontips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mastodontips</span></a> <a href="https://infosec.exchange/tags/feditips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>feditips</span></a> <a href="https://infosec.exchange/tags/profiling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>profiling</span></a> <a href="https://infosec.exchange/tags/personalidentifyinginformation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>personalidentifyinginformation</span></a> <a href="https://infosec.exchange/tags/pii" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pii</span></a> <a href="https://infosec.exchange/tags/internetserviceproviders" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>internetserviceproviders</span></a> <a href="https://infosec.exchange/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tor</span></a> <a href="https://infosec.exchange/tags/multifactorauthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>multifactorauthentication</span></a> <a href="https://infosec.exchange/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2fa</span></a> <a href="https://infosec.exchange/tags/twofactorauthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>twofactorauthentication</span></a> <a href="https://infosec.exchange/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a></p>
Jef Kazimer😶‍🌫️<p>With the ever increasing attacks on users, moving to <a href="https://infosec.exchange/tags/multifactorauthentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>multifactorauthentication</span></a> is a must in order to reduce the attack surface of just relying on a password to secure access to resources. Implementing <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a> that is enforced all the time relies on also having a good user experience, which gave rise to mobile authenticator apps since many users always have their phones with them. However it also gave rise to <a href="https://infosec.exchange/tags/mfabombing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mfabombing</span></a> and griefing to get those users to approve. With the recent GA of <a href="https://infosec.exchange/tags/microsoftauthenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microsoftauthenticator</span></a> <a href="https://infosec.exchange/tags/azuread" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>azuread</span></a> orgs can enable number match and context for the push notification to further improve the <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> of the users by avoiding the blind approval of a push notification. </p><p>🔥 See the post on the AzureAD blog here and go enable these settings for your organization <a href="https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/advanced-microsoft-authenticator-security-features-are-now/ba-p/2365673" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">techcommunity.microsoft.com/t5</span><span class="invisible">/microsoft-entra-azure-ad-blog/advanced-microsoft-authenticator-security-features-are-now/ba-p/2365673</span></a> <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microsoft</span></a> <a href="https://infosec.exchange/tags/office365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>office365</span></a> <a href="https://infosec.exchange/tags/o365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>o365</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a></p>