zlacker

[return to "Notifications for targeted attacks"]
1. Pyxl10+q1[view] [source] 2015-10-19 01:22:28
>>fahimu+(OP)
Why state-sponsored hacking specifically, as opposed to any (likely) unauthorized access?
◧◩
2. jsprog+x1[view] [source] 2015-10-19 01:25:14
>>Pyxl10+q1
Also, how will sending a new password to your cell phone help? If you are dealing with state sponsored actors, why not assume they can see all text and email?
◧◩◪
3. Lafore+K1[view] [source] 2015-10-19 01:27:45
>>jsprog+x1
A two-factor authentication token to sent via text, not the actual password.

That said, I find SMS-based 2FA to be pretty dodgy as well. Cloudflare was hacked once by somebody who managed gain access to an admin's mobile phone by social engineering their telco. If a site does not offer TOTP based 2FA I usually don't bother using it.

◧◩◪◨
4. suneil+c4[view] [source] 2015-10-19 02:24:58
>>Lafore+K1
How does TOTP compare to HOTP?
◧◩◪◨⬒
5. Lafore+yb[view] [source] 2015-10-19 04:57:17
>>suneil+c4
HOTP tokens does not expire with time, so there is a bigger risk of them being stolen from transit/storage and successfully used.
[go to top]