It's 2024, and this is the majority of 2FA in a nutshell:

Institution: I'm sending you a code I need you to put into this form.
Institution: Also don't give it to anyone.
Institution: Oh except me.
Institution: Oh except for these other codes which we'll send from the same shortcode but will never ask you for.
Institution: Don't get confused or hacked lol

#infosec #security

@josh

#infosec life

Start the day, log in to machine.

Log in to password manager

Log in to SSO provider with password manager. Verify with push notification to phone for 2FA for SSO.

Use bookmark in SSO provider to non-SSO SaaS service.

Use password manager to log into that service

Get email or SMS for 2FA for that service that doesn't support other 2FA methods

Biometric login to phone, again, which had locked for time out, to get code to type into browser

Your password has expired