If the traffic hitting the fedified.com firewall is any indication, Putin has activated his cyber minions.

For those who are just getting started on Mastodon, especially if you have a large following, I urge you to enable multi-factor authentication on your account here and on Twitter.

#TwitterMigration #ShieldsUp

@DataDrivenMD This needs to become the standard practice for anyone creating accounts online. Unique passwords and 2FA. It is always the first thing I do. #Bitwarden for password generation and storage. It will also store my 2FA backup codes. There are other equally great options as well. #personalOpsec

@FuzzyWuzzy @DataDrivenMD but if #BitWarden was to be compromised won't they have both your password and your 2fa and so full access to your account? I think I prefer my NFC Yubikey for my 2fa.

@scott @DataDrivenMD good thing #Bitwarden offers 2FA. Though I am pretty confident that they also encrypt my master password which is also solely unique along with the email address that is only used for bitwarden.

My problem with Yubikey and other physical device tokens is that they are a major headache if you ever lose one. Which is what happened to me when I lost my keychain over the side of a boat.

@FuzzyWuzzy @DataDrivenMD I went with a 2nd Yubikey I keep in sync and in a safe, but yes it would be a pain to lose but to me it seems better than storing passwords and 2fa creds in the same place 😂

@scott @DataDrivenMD I don't know of anyone capable of breaking AES 256-bit encryption without the key. And since I have the key (which is also encrypted), my #bitwarden vault is safe. This isn't business needs here. I have hard tokens for those needs. But for my personal life, a soft token (TOTP authentication app) is plenty safe. And storing them together in an encrypted vault is fine. If you didn't know, bitwarden can be hosted on your private server if so desired!

@FuzzyWuzzy @DataDrivenMD yeah I use bitwarden for my lower priority stuff that I just need sync'd everywhere (mostly smartphone app fluff 😆) and my important stuff is in self hosted gopass (so git+pgp) because I'm a massive nerd 🤣