⇄ Σ = Mᄃ² ⇆  

If you use Google 2fa authentication app you probably should turn OFF the sync to cloud option

Retool blames breach on Google Authenticator MFA cloud sync feature

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack.

bleepingcomputer.com/news/secu

1+
⇄ Σ = Mᄃ² ⇆  

if anyone gets access to your google account they can then instal the google 2fa app that will enable them to then get all your 2fa codes and see what accounts you have then start hacking your other accounts

switching cloud sync off means they can't as the 2fa codes are only on your device

1+
⇄ Σ = Mᄃ² ⇆  

begs the question though

why is a company using google authenticator app in the first place for employees

sidenote: google should add the feature "verify device" then when a new device adds google authenticator app the device the app was 1st installed on gets an alert to verify or not

1+
⇄ Σ = Mᄃ² ⇆  

if you wanna ditch google authenticator app

try Aegis

open source app

github.com/beemdevelopment/Aeg

/nosanitize

play.google.com/store/apps/det

1
⇄ Σ = Mᄃ² ⇆
Follow

sidenote:

you should enable google prompt

When you sign in to your Google Account via a new device you get a full screen alert notification on your main device(smartphone), you can tap that notification on your phone to confirm it's you or deny which will stop the sign in attempt - Google prompts give you info about the device, location, and time of the sign-in attempt.

enable it via your google account security 2fa

having google prompts enabled still allows you to to use 2fa app

· 2· 0· 4
backsaw - я українець  

@ecksmc so FIDO: what devices are en vogue? Titan/yubikey/nitro/?

1
⇄ Σ = Mᄃ² ⇆  

@b4cks4w i don't use any of them

have read about them though YubiKey seems to be popular and would probably be the one i got/get if/when i switch

0
ᏤⵁŁ₮ƦⵁИł€  

@ecksmc
I use Aegis and recommend it also.

For iOS users, I like RavioOTP.

1+
backsaw - я українець  

@voltronic @ecksmc
FWIW Aegis is on Fdroid as well
Aegis Authenticator (Free, secure and open source 2FA app to manage tokens for your online services)
f-droid.org/packages/com.beemd

0
⇄ Σ = Mᄃ² ⇆  

@voltronic 👍

yeah it was you i got the heads-up from :)

0
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…