zlacker

[return to "Notifications for targeted attacks"]
1. Pyxl10+q1[view] [source] 2015-10-19 01:22:28
>>fahimu+(OP)
Why state-sponsored hacking specifically, as opposed to any (likely) unauthorized access?
◧◩
2. jsprog+x1[view] [source] 2015-10-19 01:25:14
>>Pyxl10+q1
Also, how will sending a new password to your cell phone help? If you are dealing with state sponsored actors, why not assume they can see all text and email?
◧◩◪
3. Lafore+K1[view] [source] 2015-10-19 01:27:45
>>jsprog+x1
A two-factor authentication token to sent via text, not the actual password.

That said, I find SMS-based 2FA to be pretty dodgy as well. Cloudflare was hacked once by somebody who managed gain access to an admin's mobile phone by social engineering their telco. If a site does not offer TOTP based 2FA I usually don't bother using it.

◧◩◪◨
4. jsprog+l2[view] [source] 2015-10-19 01:39:06
>>Lafore+K1
I didn't say the actual password. The page wasn't very forthcoming on all the details, but a 2FAT is typically just a very short, temporary password.
[go to top]