|
Subjunctive posted:https://dontduo.com/ ahahahahahahahahahahahaha
|
#
?
Sep 12, 2019 01:46
|
|
|
|
| # ? Apr 27, 2024 03:26 |
|
|
that's a joke, right? like, if you try to sign up it just sends you an email calling you an idiot... right?
|
|
#
?
Sep 12, 2019 01:48
|
|
|
I've just tripled my productivity
|
|
#
?
Sep 12, 2019 02:06
|
|
|
infernal machines posted:that's a joke, right? sign up to find out. then theyll have your cc deets and mfa.
|
|
#
?
Sep 12, 2019 02:24
|
|
|
Subjunctive posted:https://dontduo.com/ don't duo what Donny duo does
|
|
#
?
Sep 12, 2019 03:00
|
|
|
Powerful Two-Hander posted:holy lmao our homebrew system for managing "secure" access to database creds logs them in plaintext in an area accessible from all user sessions our setup is similar but you have to be a dev to get access to read logs, so the logs are never read, so the system is secure
|
|
#
?
Sep 12, 2019 03:04
|
|
|
Hey yall quick question I'm studying to take the CompTIA security+ test is there anything in particular that the test asks a lot about? I've been doing a bunch of practice tests and just trying to narrow the scope of the wide range these practice tests are asking.
|
|
#
?
Sep 12, 2019 14:46
|
|
|
What kinds of questions are even on a comptia level security cert
|
|
#
?
Sep 12, 2019 14:47
|
|
|
Subjunctive posted:https://dontduo.com/ this is cute
|
|
#
?
Sep 12, 2019 15:08
|
|
|
Metapod posted:Hey yall quick question I'm studying to take the CompTIA security+ test is there anything in particular that the test asks a lot about? I've been doing a bunch of practice tests and just trying to narrow the scope of the wide range these practice tests are asking. If you've been a computer toucher for more than a year most of the stuff it covers should be common sense. Make sure you know all the dumb acronyms, and have a basic grasp of business risk and you'll be fine. Captain Foo posted:What kinds of questions are even on a comptia level security cert Basic encryption, networking, business risk, physical security and outdated malware models.
|
|
#
?
Sep 12, 2019 15:18
|
|
|
anybody have an informed opinion on https://threema.ch ?
|
|
#
?
Sep 12, 2019 15:23
|
|
|
the have a whitepaper for their crypto https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf
|
|
#
?
Sep 12, 2019 15:27
|
|
|
Subjunctive posted:https://dontduo.com/ This is some awesome performance art in support of U2F
|
|
#
?
Sep 12, 2019 15:39
|
|
|
this is why i harp on people that SMS challenges dont count as 2-factor auth. hell, even NIST says to quit it with that poo poo
|
|
#
?
Sep 12, 2019 15:55
|
|
|
to save money just get one dontduo.com account for all your coworkers and then have them all use the same # even better!
|
|
#
?
Sep 12, 2019 15:55
|
|
|
The Fool posted:If you've been a computer toucher for more than a year most of the stuff it covers should be common sense. Make sure you know all the dumb acronyms, and have a basic grasp of business risk and you'll be fine. Oh cool ty
|
|
#
?
Sep 12, 2019 16:01
|
|
|
It's great that in 2019 things like discord have real 2FA but banks all use SMS or are maybe in the process of jury rigging 2FA in their lovely mobile apps. There's probably a special circle of hell for companies like Bank of America that are members of the FIDO Alliance but still only support SMS in 2019.
|
|
#
?
Sep 12, 2019 16:02
|
|
|
mystes posted:It's great that in 2019 things like discord have real 2FA but banks all use SMS or are maybe in the process of jury rigging 2FA in their lovely mobile apps. USAA uses Symantec VIP, which isn't perfect but it's pretty good
|
|
#
?
Sep 12, 2019 16:05
|
|
|
ewiley posted:USAA uses Symantec VIP, which isn't perfect but it's pretty good It's really annoying how few people support U2F though.
|
|
#
?
Sep 12, 2019 16:09
|
|
|
mystes posted:There's probably a special circle of hell for companies like Bank of America that are members of the FIDO Alliance but still only support SMS in 2019. I somehow doubt this will be the deciding factor for BoA's circle assignment? 
|
|
#
?
Sep 12, 2019 16:19
|
|
|
ewiley posted:USAA uses Symantec VIP, which isn't perfect but it's pretty good i recently had to install symantec VIP on my phone to use one of our vendor's dumbass IaaS cloud platforms which brings the count to 7 MFA apps on my phone lol
|
|
#
?
Sep 12, 2019 16:25
|
|
|
mystes posted:It's great that in 2019 things like discord have real 2FA but banks all use SMS or are maybe in the process of jury rigging 2FA in their lovely mobile apps. my credit union's online banking system required 8 character number-only passwords until a few years ago. like not alphanumeric, literally just numbers. to their credit they have since overhauled basically everything and their login system is actually somewhat acceptable now.
|
|
#
?
Sep 12, 2019 16:27
|
|
|
my credit union had a 8-12 character password requirement, but you had to answer your security questions every time, and they were case sensitive. i got locked out for a year and didn't go through the recovery process to be let back in until they fixed that poo poo.
|
|
#
?
Sep 12, 2019 16:31
|
|
|
Shame Boy posted:my credit union's online banking system required 8 character number-only passwords until a few years ago. like not alphanumeric, literally just numbers. mine did the same but until the recent overhaul it was seven digits. I'm sure 90% of people's online banking passwords there were just their phone numbers
|
|
#
?
Sep 12, 2019 16:44
|
|
|
CRIP EATIN BREAD posted:my credit union had a 8-12 character password requirement, but you had to answer your security questions every time, and they were case sensitive. my other old credit union would lock you out after 5 password attempts or whatever and require you to come into a branch in person and show ID to unlock your account lmao i was locked out of that one for a whiiiile
|
|
#
?
Sep 12, 2019 16:51
|
|
|
ewiley posted:USAA uses Symantec VIP, which isn't perfect but it's pretty good its expensive dogshit and you should use something else
|
|
#
?
Sep 12, 2019 16:54
|
|
|
Shame Boy posted:my other old credit union would lock you out after 5 password attempts or whatever and require you to come into a branch in person and show ID to unlock your account lmao yeah i had to call during business hours and talk to the person to reset my stuff. loved explaining to the nice bank lady how to spell "crip eatin bread"
|
|
#
?
Sep 12, 2019 16:58
|
|
|
https://twitter.com/rd_pentest/status/1172175324827848704 fun
|
|
#
?
Sep 12, 2019 17:18
|
|
|
this is intentional behavior introduced with Win7 and MS refuses to fix it in a meaningful away. This is why you take the UAC slider up to Always Notify or run with a non-admin account and context switch when you need it
|
|
#
?
Sep 12, 2019 17:34
|
|
|
BangersInMyKnickers posted:its expensive dogshit and you should use something else I like USAA  It's not like I have any choice on what mfa solution they use.
|
|
#
?
Sep 12, 2019 18:49
|
|
|
mystes posted:It's great that in 2019 things like discord have real 2FA but banks all use SMS or are maybe in the process of jury rigging 2FA in their lovely mobile apps. bank of america's already got plenty of spots in hell waiting
|
|
#
?
Sep 12, 2019 19:46
|
|
|
mystes posted:It's great that in 2019 things like discord have real 2FA but banks all use SMS or are maybe in the process of jury rigging 2FA in their lovely mobile apps. come to Europe. uk banks all hand out chip devices where you stick in your debit card and enter your pin to get a one-time code, or some of them just have authenticated tokens that are the same principle but the thing-you-have is the token rather than the card not perfect probably but a hell of a lot better than loving sms
|
|
#
?
Sep 12, 2019 20:17
|
|
|
i think some american banks experimented with that, but then they realized it would lower profits 0.00001%
|
|
#
?
Sep 12, 2019 20:41
|
|
|
Soricidus posted:come to Europe. uk banks all hand out chip devices where you stick in your debit card and enter your pin to get a one-time code, or some of them just have authenticated tokens that are the same principle but the thing-you-have is the token rather than the card Some Dutch banks had this, and the devices were rather expensive. As it turned out, they spent millions on those things, and the fraud prevented was less than that, so they lost money. Instead they have an app now to provide the second factor. Which works well enough, they gave it some thought and it's decently secure.
|
|
#
?
Sep 12, 2019 20:44
|
|
|
i know plenty of older people who don’t have a smart phone but do some banking on laptops or w/e. they won’t use apps if they can help it. handing out a cheap device that just uses the chip they already have in their bank card is a great way to get them off sms. idk if the implementation is actually secure but it can’t be worse than sms.
|
|
#
?
Sep 12, 2019 20:50
|
|
|
How do they secure the process of authorizing a new phone for the smartphone apps? Do you have to use the old phone to authorize it? If not it seems useless. I think for example capitalone just uses SMS for this so it's no better than normal SMS 2FA. I think the reason banks in the US gave up on 2FA is that they don't want to deal with people who lose their tokens. I just wish they would let people use u2f or totp if they know what they're doing. mystes fucked around with this message at 20:55 on Sep 12, 2019 |
|
#
?
Sep 12, 2019 20:51
|
|
|
I like azure mfa w/ the Microsoft authenticator. its cool because they have plugins for basically everything so you can stick MFA everywhere with little effort.
|
|
#
?
Sep 12, 2019 20:56
|
|
|
spankmeister posted:Some Dutch banks had this, and the devices were rather expensive. As it turned out, they spent millions on those things, and the fraud prevented was less than that, so they lost money. Rabobank still has. But it is cumbersome and if you don’t have your reader with you, you can’t internet bank from public toilets while out and about, so they also allow you to set a 5 digit code to bypass the 2FA (still need the reader to sign transfers to non pre-approved accounts, so it’s slightly less insane than it sounds).
|
|
#
?
Sep 12, 2019 20:58
|
|
|
Yeah the problem is allowing fallback to SMS.
|
|
#
?
Sep 12, 2019 20:59
|
|
|
|
| # ? Apr 27, 2024 03:26 |
|
|
mystes posted:
android isn't doing this poo poo any favors. Those poor suckers have to jump to a new phone install with new tokens every time they change devices, meanwhile I am using the same software token that I setup on my 3gs and have been migrating through 3 phones now
|
|
#
?
Sep 12, 2019 20:59
|
|