Conversation

Notices

  1. Gabriel Pettier (tshirtman@mas.to)'s status on Wednesday, 22-May-2024 16:18:45 JST
    in reply to
    • Adam Jacobs 🇺🇦

    @statsguy so it’s really better to just be safe(r) by default, and give as little attack surface as possible, so, say, if a state actor is working against you, you are certainly still in trouble, but if it’s "just" a bunch of scammers, at least you are not easy prey for them; it’ll cost them too much time/money to get to you to hope for a worthy reward.

    In conversation Wednesday, 22-May-2024 16:18:45 JST from mas.to permalink
    • Gabriel Pettier (tshirtman@mas.to)'s status on Wednesday, 22-May-2024 16:18:45 JST
      in reply to
      • Adam Jacobs 🇺🇦

      @statsguy Personally I use FreeOTP+ for "one time passwords" like this, unless there is a specific app to use for the service, as this one is open source and allows me to export my config to a file to save securely somewhere, in case my phone is stolen or lost (because yes, it can be a big problem if you lose your phone).

      In conversation Wednesday, 22-May-2024 16:18:45 JST permalink
    • Gabriel Pettier (tshirtman@mas.to)'s status on Wednesday, 22-May-2024 16:18:46 JST
      in reply to
      • Adam Jacobs 🇺🇦

      @statsguy NP. Regarding the "need" part, which I had forgotten to answer: of course maybe not *all* apps need it, but one should not underestimate the ability to move "laterally", from gaining access to an apparently low-criticality account/app to others, by leveraging it for, say, impersonation, or digging up information that could help further attacks. Email is of course the most obvious failure point, everyone has all their secrets in it, but social accounts can be used to extort money from friends

      In conversation Wednesday, 22-May-2024 16:18:46 JST permalink
    • Gabriel Pettier (tshirtman@mas.to)'s status on Wednesday, 22-May-2024 16:18:47 JST
      in reply to
      • Adam Jacobs 🇺🇦

      @statsguy SMS is widely considered insecure, yes, as it's possible to fraudulently clone a SIM card and get the SMS instead of you. An app-generated code doesn't have this issue, as they don't need communication; the code is time + key based, and if they did, they could communicate through encryption.

      In conversation Wednesday, 22-May-2024 16:18:47 JST permalink
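
As an added illustration (not part of the thread): a minimal sketch of the standard TOTP algorithm (RFC 6238) that authenticator apps commonly implement, showing that phone and server each derive the same code from a shared key and the clock alone, so nothing travels over the phone network. The function names and the replay check in `verify` are this example's own; the key is the RFC 6238 test secret, not a real one.

```python
import hashlib
import hmac
import struct

# RFC 6238 test secret (public test value, used here as constructed sample input).
KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter is simply the number of 30-second steps since the epoch."""
    return hotp(key, unix_time // step, digits)


def verify(key: bytes, submitted: str, unix_time: int,
           step: int = 30, window: int = 1, last_counter: int = -1):
    """Server-side check (assumed policy for this example).

    Accepts a code from the current step or +/- `window` steps to tolerate clock
    drift, and refuses any step at or before `last_counter` so a code that was
    already used cannot be replayed. Returns the matched counter, or None.
    """
    now = unix_time // step
    for counter in range(now - window, now + window + 1):
        if counter > last_counter and hmac.compare_digest(hotp(key, counter), submitted):
            return counter
    return None


if __name__ == "__main__":
    t = 1111111109                               # timestamp from the RFC 6238 test table
    phone_code = totp(KEY, t)                    # computed offline on the device
    matched = verify(KEY, phone_code, t + 2)     # server recomputes from its own clock
    print(phone_code, matched)
    print(verify(KEY, phone_code, t + 2, last_counter=matched))  # replay -> None
```

The only secret is the enrollment key held by the device and the server, which is why a backup export of the kind mentioned earlier in the thread has to be stored as carefully as a password.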
    • Adam Jacobs 🇺🇦 (statsguy@mas.to)'s status on Wednesday, 22-May-2024 16:18:47 JST
      in reply to

      @tshirtman Thanks!

      In conversation Wednesday, 22-May-2024 16:18:47 JST permalink
    • Adam Jacobs 🇺🇦 (statsguy@mas.to)'s status on Wednesday, 22-May-2024 16:18:48 JST

      I've noticed that several websites where I've been happily using 2FA with them sending me an SMS message for years seem to want me to switch to using an authenticator app instead.

      Is that really more secure? How? And if so, is that level of security realistically needed for anything a normal person might do except banking?

      #cybersecurity

      In conversation Wednesday, 22-May-2024 16:18:48 JST permalink

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.