@nixCraft@mastodon.social
We replaced passwords with something worse https://blog.danielh.cc/blog/passwords
@nixCraft@mastodon.social Well that's absolutely useless. Good job popularizing this meaningless piece of text.
@nixCraft@mastodon.social I disagree. Logins are a waste of time
@nixCraft@mastodon.social As a non-security professional... how does an attacker get the code sent to them? Are there services you can use that will redirect an email from its legitimate target to your arbitrary destination?
@guyjantic@infosec.exchange @nixCraft@mastodon.social the idea, as I understand it, is that the attacker would pretend to be the service you intend to use. Then as you try to log in to the fake service, the attacker asks the real service to send you a login code. You give this to the fake service, thinking it is legitimate, and the attacker can then use it to access the real service.
@Rob_J@mastodon.social @nixCraft@mastodon.social Devious. And this reminds me my personal data backups are not quite up to snuff.