#twofactorauthentication


Google has announced that Gmail will phase out SMS-based two-factor authentication (2FA) in favor of more secure methods. This change aims to enhance user security by reducing vulnerabilities associated with SMS codes, which can be intercepted. Users are encouraged to adopt alternatives like Google Authenticator or security keys for better protection.

Friends please always use strong #passwords generated & managed by a reliable #passwordmanager. Use them on your accounts AND #network devices. Even your #WiFi #AccessPoints. Your spouse & kids can remember? They should be using the same password manager if yours supports sharing. Most #smartphones and #computers now can share through a #qrcode. There just is no excuse anymore. Use #twofactorauthentication whenever you can. The #threat has never been greater.

#security

bleepingcomputer.com/news/secu

BleepingComputer · Massive brute force attack uses 2.8 million IPs to target VPN devices · By Bill Toulas

Services which still block your account for supposedly “suspicious activity”, even though you have , is like saying “we don't trust our own system” and/or “we don't trust you, we think you shared your 2FA secret with someone”.

I don't know. If it is the latter, that's user-error and their problem. If we continue solving user-error issues, the end-user will never learn anything.

Is 2FA perfect? Of course not. But it is far less likely for an account to be compromised if 2FA is enabled (without user-error).

So, accounts with 2FA should not be included in the “we temporarily blocked your account because of suspicious activity”. If there was indeed a legitimate unauthorised account access, due to user-error, let the user deal with it and learn from it. Otherwise, what's the use of 2FA?

In the gaming industry, some companies actually do that. If your account has 2FA enabled, they automatically remove your account from IP address checks. This allows the account owner to freely use VPNs without getting banned because of IP jumps. They don't mention it officially, but you can test it. If you disable 2FA and use VPNs, you'll get banned sooner or later (and have to go through a lengthy verification process). If you have 2FA enabled, you're free to use VPNs all you want.

(We're not talking about [gaming] services where they have regional licensing deals. They will indeed ban your account if you use a VPN because it is a restriction due to the regional licensing deals in place.)

I dunno, just . It's a hassle to suddenly see you're temporarily blocked even though you have 2FA enabled anyway. (Some services will even disable your 2FA because they assumed you shared your 2FA secret.)

Sure, there are people who keep a copy of their 2FA secret in unsecure ways. That still falls under user-error. 2FA secrets should not be kept, at least that's how it was designed. If a user wants to keep it, then encrypt it and store it somewhere. For example, use .

^_^

It's clear all browser cache, cookies, and data day!

=))

Relogging to services is a pain because:
1. I use different passwords (so I don't remember them). (If you don't remember them, the better.)

2. I use different email addresses.

3. I have enabled.

It's fine, I'd rather experience these hassles than lessen my precautions.

How about you? How are you handling the security of your online accounts?

I hate , their developers, and their agents.

(status: trying to prevent a meltdown)

Context and details.
1. I seldom (rarely even) use my Instagram account. I log in when I have something to share. I don't even go on a 'liking' spree, and I only leave comments when there's something to say.

2. I don't even follow accounts here and there. I only followed accounts that I'm a fan of, or whose content I am interested in.

3. I have

4. I have a postpaid mobile number attached

5. My email, using my own domain name, is the one attached to it

6. I provided my real name in the account section, just exactly for verification purposes if needed (if they ask for an ID or something).

7. I did not upload any “re-upload”/“re-share” content.

See my account: pixelfed.social/i/web/profile/ That's practically the same content as I have in my Instagram account.

YET, they started to ask me for since February 2023.

I complied.

* The first selfie verification, they approved it. But did not inform me, no email whatsoever.

* The second selfie verification, they approved it and sent an email apologising that it was a mistake. (See attached screenshots.)

* The third time, the current one, was last week. They did not approve it. No email whatsoever. I can no longer log in to my account.

I complied with their selfie verifications even though I am very uncomfortable with it. I am , and I hate these types of verifications (selfie, video), but I complied.

And this is what I get in the end?

What is the use of if they are not going to use it?

I cannot help but conclude that and is anti- . I am in my online accounts, and I do feel targeted in this situation.

Currently, for the nth time, I am doing my best not to have a just because of this.

My last attempt is this thread over : twitter.com/YourOnlyONEofcl/st If you want to help, and I do need the help, please reply and tag Meta and Instagram. Maybe even worth tagging as well.

@neurodivergence

@actuallyautistic