• enter password for password manager
• verify from email that it's me signing in from a "new location" (VPN)
• use security key
• use password from manager to sign into actual service
• complete image CAPTCHA
• receive text message with 2FA code
• unlock phone with fingerprint to get code
• access service
Molly White (molly0xfff@hachyderm.io)'s status on Wednesday, 08-Nov-2023 16:02:31 JST
VessOnSecurity (bontchev@infosec.exchange)'s status on Wednesday, 08-Nov-2023 23:36:48 JST
@unlofl @molly0xfff
The 3 authentication factors:
- Something you forgot.
- Something you left in the taxi.
- Something that can be chopped off.
unlofl [Promoted Toot] (unlofl@mstdn.social)'s status on Wednesday, 08-Nov-2023 23:36:49 JST
@molly0xfff Somebody on here pointed out that "MFA means it requires one thing that you can lose, and one thing that you can forget" and I keep thinking about that.
GreenSkyOverMe (Monika) repeated this.
Molly White (molly0xfff@hachyderm.io)'s status on Wednesday, 08-Nov-2023 23:36:50 JST
don't get me wrong, i'm always happy to have the option to use 2FA/etc for my services, but holy moly that was a lot