this post was submitted on 01 Mar 2024
381 points (99.2% liked)
Technology
60110 readers
3526 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yep SMS two factor authentication usage was officially suggested to no longer utilize by NIST in 2016, and in practice before that, to your point.
This shit is old, people! It's trivial to compromise. Start transitioning where you can to passkeys and start using an app based MFA, like Duo or Authy, both free.
My bank literally said no. I asked about using a yubikee or something like Google authenticator and they literally said, enable a pass phrase. That's what they told me.
My stupid work app requires us to change our password every 6 months, no special characters so it's harder to use PW generators, and they don't even support 2FA. Nice that an app that stores my 401k and W-2 documents uses such amateur data security policy.