BC TECH
Saved by @zmbnski
Paul Stamatiou 📷
@Stammy 11 months, 1 week ago 383 views

Just published 15,000+ words on security keys. 🔐📱💻

With SIM attacks at their highest, now is a great time to take a closer look at your online security.

Removing SMS from your two-factor auth is a start, but authenticator apps have downsides too...

https://t.co/Dk0MPJHL2V

 Just look at these headlines from recent SIM swap and port attacks.

It's all too established for attackers to find ways to socially engineer control of your phone number and start gaining control of your accounts.

I first talk about some general security tips.
Unfortunately not all websites let you remove your phone number from accounts.

You may consider migrating your phone carrier to @googlefi , which requires email account access to do anything (and can be locked down with security keys and even Advanced Protection)
Beyond SMS, I talk about issues that TOTP authenticator apps (the code generators) have as a form of two-factor auth. They're so, so much better than relying on SMS for your second factor but they still have issues like utilizing shared secrets and lacking phishing prevention.
Enter security keys!

Utilizing public key cryptography they don't have any shared secret between the client and the server. They prevent phishing by taking the website domain into account.

Even if you get tricked by a clone phishing website, your key won't.
Keys have been around for a while under various names and technologies. Recently it was FIDO U2F + CTAP1 but now we have FIDO2 WebAuthn with CTAP2..

It's all very confusing...
Security keys are great for two-factor auth but FIDO2 has a vision for more: support for platform authenticators (like fingerprint readers and other biometrics) as well as being able to use them for "passwordless" authentication. https://t.co/qHI8n8x8m6
But this area is still nascent. Plagued by years of sub-par security key support across browsers. Things have been getting better in recent years with recently updated NFC support on iOS 13 but it's still a waiting game until things are made easier.
Which brings the question.. Why must I carry around an extra device just to be safe online?

You shouldn't. WebAuthn aims to change that.

But for now, security keys—combined with strong online security best practices—are a great way to fortify your regular online activities.
This article was so long (like all of mine) that I took the time to build this little fly-out table of contents browser 🤣
I also went out of my way to design these little security key icons in figma while I was writing this 😍 cc @Yubico

More from Tech

Advertisement
Simon DeDeo
@SimonDeDeo
So, today, for the first time in 25 (!) years of Apple, I downgraded. From the 2016 MacBook Pro to my 2013, which I had kept in a drawer...


It was pretty simple to do—Apple Time Machine backups let me do it with one click.

That first tweet captures, in two pictures, how badly Apple has “lost the plot” (to quote @wylieprof). On the right is the Apple MagSafe adapter, from 2013. On the left, what I had “upgraded” to.

Thanks, Apple! I really was nostalgic for worrying about yanking my computer off the table.

Oh and I really appreciated not knowing if my computer was charging. What was great was the little whoop sound you used, so that the speaker before me could be informed I was charging my laptop.
TECH
Tom MacWright
@tmcw
it's done.

a visual enigma machine simulator: https://t.co/eLE4Sb97HW
TECH

You May Also Like

Karol296
@Karol296
Wracając do sedna dzisiejszego zamieszania z artykułem autosportu / motorsportu. Kubica mówi w nim, że podejmie swoją decyzję w ciągu kilku dni. Rozważa opcję z Williamsem lub posadę kierowcy symulatora w Ferrari. Więc za kilka dni dowiemy się co go czeka za rok. #F1PL

Autosport / motorsport zmienił nagłówek swoje tekstu, bo pierwotnie sugerował on że Kubica jest numerem jeden na liście Williamsa na tytuł mówiący tylko tym, że nadal jest na liście kandydatów. Zrobili to po interwencji zespołu. Same wypowiedzi Kubicy z wywiadu się nie zmieniły.

Trudno powiedzieć czy autor się pośpieszył i wyciągnął inne wnioski niż powinien, a może wie coś więcej, ale nie mógł tego otwarcie napisać. Słowa Kubicy brzmią jednak jednoznacznie: decyzję podejmie w ciągu kilku dni.
SPORT
Daddy Files
@DaddyFiles
This is my son, Sam. He’s 5. And today he learned how shitty and harmful #ToxicMasculinity is. My rage meter is spiking right now so excuse me if this is a little raw but there are some things I want to say about BS #gender norms (a thread)


Sam is my middle child & he’s a terror. A “boy’s boy” as so many (not me) would say. He’s rough and tumble, he’s loud, he’s always dirty, loves trucks, plays sports and knee drops me from the couch. But he also loves a lot of “girl” things.

Sam has a collection of purses because he likes to carry things around. And he also loves to have his nails painted bright colors because he thinks they “look beautiful.” And he’s right – they are beautiful…


So he proudly wore his red nail polish to kindergarten this morning because Sam has absolutely no concept of nail polish only being for girls or reason to think anyone would possibly have a problem with beautiful nails.


But his classmates did have a problem. A big one. Sam was ridiculed for being a boy with nail polish. They called him names and told him to take it off. This lasted the entire day.
Advertisement
Advertisement
Ethan 👨‍🎤
@Booligoosh
First update to https://t.co/lDdqjtKTZL since the challenge ended – Medium links!! Go add your Medium profile now 👀📝 (thanks @diannamallen for the suggestion 😁)


Just added Telegram links to https://t.co/lDdqjtKTZL too! Now you can provide a nice easy way for people to message you :)


Less than 1 hour since I started adding stuff to https://t.co/lDdqjtKTZL again, and profile pages are now responsive!!! 🥳 Check it out -> https://t.co/fVkEL4fu0L


Accounts page is now also responsive!! 📱✨


💪 I managed to make the whole site responsive in about an hour. On my roadmap I had it down as 4-5 hours!!! 🤘🤠🤘
MAKERS
Guillaume Chaslot
@gchaslot
The YouTube algorithm that I helped build in 2011 still recommends the flat earth theory by the *hundreds of millions*. This investigation by @RawStory shows some of the real-life consequences of this badly designed AI.


This spring at SxSW, @SusanWojcicki promised "Wikipedia snippets" on debated videos. But they didn't put them on flat earth videos, and instead @YouTube is promoting merchandising such as "NASA lies - Never Trust a Snake". 2/


A few example of flat earth videos that were promoted by YouTube #today:
https://t.co/TumQiX2tlj 3/

https://t.co/uAORIJ5BYX 4/

https://t.co/yOGZ0pLfHG 5/
TECH