101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We allow posts of up to 2048 characters.

#2fa

→ SMS 2FA is not just insecure, it's also hostile to mountain people
blog.stillgreenmoss.net/sms-2f

“there are 1.1 million people in these western north carolina mountains, 25 million in the rest of the appalachians, and many millions more in the mountain west and pacific ranges.

we have internet, but we have F-tier cell service — what are we supposed to do?”

stillgreenmoss · SMS 2FA is not just insecure, it's also hostile to mountain people
i have a friend -- she's an old lady born and raised here in the western north carolina mountains. she hates computers, yes, but she's be...
#SMS #2FA #insecure

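Scared to death! 😨 On the g0v social page for changing #2FA I clicked on the backup codes, and before taking a screenshot I pressed F5 to make the update message go away. It actually refreshed the backup codes. Out of curiosity I pressed it a couple more times, and knew this was not good.

Logged in again, 2FA invalid! Fuck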

$38,000… GONE while he was sleeping.

That’s how fast SIM-swapping can destroy your financial life.

In just 3 hours, a hacker took over Justin Chan’s phone number, intercepted his two-factor codes, and emptied his bank and trading accounts. No alarms. No notifications. Just silent access and drained funds.

It didn’t happen because he was careless.
It happened because the attacker exploited a broken system:

- His mobile carrier transferred his number to a new device without proper checks
- His 2FA codes were sent to that new device
- His bank and investment apps trusted that number

This is the $38,000 mistake most people never see coming. Because by the time you realize something is wrong — it’s already too late.

The worst part? Getting the money back was harder than the hack itself.
It took media pressure, endless follow-ups, and months of stress just to get refunded.

Mobile numbers are the new master key — and most people are handing them out unlocked.

If your 2FA is tied to your phone number, it's time to change that.
If your carrier doesn’t lock down your SIM by default, it’s time to upgrade.
And if your bank’s idea of protection is a form letter and a closed case, don’t wait for a wake-up call at 3AM.

There are different articles floating on the internet of people who've experienced the same as I have. For no reason, without any warning, you cannot uninstall Authy anymore on your device.

If you do, a few things will happen; one of them is that after installation it will not allow you to get an SMS from your mobile phone, or it will allow that, but you will not be able to add any new accounts.

In either case the program has become worthless and you will get no warning ⚠️

Have you started migrating your Authy MFA 2FA accounts to open source MFA clients?

¡¿No?!

Please start asap. The company has quietly been changing things with this important program, and since they do not allow you to export your accounts easily, you will be in a situation where you have to systematically migrate the most important account you have to open source clients.

At a certain point Authy will stop working even on your new Androids without explanation, no **fucks given**