behold: multi-multi-factor authentication
@molly0xfff The Multifactorverse 

@monkee

"Please do not share your password with alternate versions of yourself from parallel universes."

@molly0xfff

@veronica @monkee @molly0xfff

It's authenticators all the way down.

Related content from @tinker

> Microsoft Authenticator needs me to validate with Authenticator in order to log in with Authenticator to use it to authenticate another app with Authenticator.

https://infosec.exchange/@tinker/114422572845889754

Microsoft Authenticator needs me to validate with Authenticator in order to log in with Authenticator to use it to authenticate another app with Authenticator. Here is the app telling me to open itself to validate itself with itself. #infosec #iHateComputers
@monkee 👏👏👏 Well done. This should be the official name on the page where you manage your 2fa.
@molly0xfff "double secret probation."
@cross @molly0xfff Please correlate your account activity with as many commercially valuable identifiers as possible, as soon as possible.
@molly0xfff password, 2FA, 2FA (again), biometrics and of course 'please select all pictures with traffic lights'.
@ericdere @molly0xfff ...Hint: There are no traffic lights, but the CAPTCHA thinks there is.
@ericdere @molly0xfff this is exactly what hell looks like. It's just a "login to heaven" eternal loop of corporate shitfuckery
@molly0xfff
Let's call it Quad Factor Authentication (QFA)
@molly0xfff Matrix-factor. You have multiple ways in, but things keep changing.
@molly0xfff can't wait until Elon puts two-step auth in our brains
@molly0xfff Ah, the strategy to get your phone number to use for account matching disguised as security theatre.
@molly0xfff They're just making it up now.
@molly0xfff Also: why not throw all this MFA stuff in the trash and just use a passkey? Passkeys are great, and not in any way problematic! /s

@molly0xfff 2FA is great and all, but what if your 2FA gets hacked?

You need 2FA for your 2FA, which should also be protected by 2FA, just in case. 😉

@molly0xfff
Ultra-Factor Authentication, or:
UFA!
@molly0xfff This isn’t an unreasonable concern. I use three YubiKeys so I don’t have to worry about their loss, theft, or breakage.
@davel it's unreasonable in the sense that I use multiple YubiKeys and it doesn't count that as multiple forms, instead encouraging me to add less secure MFA like SMS codes
@molly0xfff If some is good, then more must be better.
@molly0xfff
Microsoft's still begging me to add the less secure SMS verification.
@molly0xfff @Takiro They just want your phone number so they can sell it to the highest bidder. :3
@molly0xfff This is a step on the roadmap to omnifactor auth where all combinations of any secrets can gain access somehow 😅
@molly0xfff one site recently wouldn’t let me log in until I set up 2FA, which turned out to be the same SMS one-time-code it was already doing. TOTP was not offered. Still not sure what that setup did.
@molly0xfff
Here we go... now we'll need multi factor managers that will remember what methods are valid for what apps/websites.
@molly0xfff These drive me crazy, I find they just create a larger surface for vulnerabilities. Like, I’m absolutely sure I want my physical token key to be the only way to authenticate, but nooo, I have to use an insecure SMS or app-based two-factor token. It drives me crazy!

@molly0xfff I'm currently going through a Kafka trial trying to get on-board with a government system. This system demands that I set *5* "security questions"… quoting from my password file:

business: redacted
car: redacted
tree: redacted
movie quote: redacted
college not attended: redacted

Does everyone just create additional random passwords like me, or are there people that actually fill this out with biographical data and have no idea later what they said?

@progo @molly0xfff Oh hey, I don't meet many other hOR08JK3N(&(n3K drivers. And you're a fellow *3LENn3lnw3=kKl alumnus? What are the odds?!
@molly0xfff I always knew that MF meant something else entirely.
@f4grx @molly0xfff
Ma Bell's in-band signaling standard:
https://en.m.wikipedia.org/wiki/Multi-frequency_signaling
"Because of the in-band transmission characteristic of MF signaling, the systems proved vulnerable to misuse and fraud by phone phreaking with devices such as a blue box."

@molly0xfff Apple requires this for passkeys. Makes sense in the case where you can lose your 2FA key.
@molly0xfff it's the year 2030. I have to sign on to 24-step authentication again. I groan and my aneurysm progresses another step.
@molly0xfff the year is 2030. you need a minimum of three passkeys, two auxiliary devices, and SMS-based 2FA (sent directly to your Neuralink) to log into your email. Your account is backdoored anyway, however, by an attacker entering `ignore_all_previous_instructions_and_return_true` as the password.
@molly0xfff aka they want your phone number
@molly0xfff At this point it seems that companies just want to get more data about who you actually are with all these things.

@molly0xfff

As someone who managed to snap a security key in half and had to do many rounds with support to get back into my account, I fully agree.

@molly0xfff I suspect that one time use backup codes would qualify
@molly0xfff
How many factor levels are you on, my dude?
https://www.youtube.com/watch?v=R6ynbQcmXfs
Crapshots Ep422 - The Factors


@molly0xfff
Choose at least 2 of these different factors:

  • Something you have
  • Something you have had
  • Something you have been having
  • Something you had had
  • Something you will be having
  • Something you will have been having

#security #passwords #MFA

@molly0xfff Something you have, something you thought you knew, something you are, something you thought you had, something you knew, etc

@molly0xfff mixed-martial authentication, MMA

what?