Josh the BlockadedSep 4, 2024
It's 2024, and this is the majority of 2FA in a nutshell:

Institution: I'm sending you a code I need you to put into this form.
Institution: Also don't give it to anyone.
Institution: Oh except me.
Institution: Oh except for these other codes which we'll send from the same shortcode but will never ask you for.
Institution: Don't get confused or hacked lol

#infosec #security
Show threadSiguzaSep 4, 2024

@josh

Institution: Also give me your phone number.
Institution: No, like, really, I won't let you continue without it.
Institution: Even though you already went through 2FA setup.
Institution: We need it for recovery purposes.
Institution: We definitely won't use it for marketing.
Institution: Oh, and by recovery we mean username, password and 2FA.
Institution: SMS is so secure.

Show threadSass, DavidSep 4, 2024
@siguza @josh the institution is #Microsoft, isn't it?
Show threadSiguza
@sassdawe @josh I actually think I got away without giving Microsoft my phone number... but this is definitely Twitch, Google, Apple, a few government services, and then some.
Sep 4, 2024 at 11:58amWeb