319
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
(www.bleepingcomputer.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 28 Jan 2024
319 points (99.1% liked)
Technology
59570 readers
3472 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
How does Microsoft's implementation work?
Is it possible to log into windows without a Microsoft account using that method?
I don't know about windows specifically, but for outlook they're pushing their authenticator app (you can use any) and SMS or email one time links. I think it works really well, and almost all attempts to access my account have stopped tbh, they can't phish for my password if I don't have a password.
Yeah this is being standardized at the mobile hardware level now with
https://fidoalliance.org/passkeys/
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
That reverse-code thing is super annoying. The next vector is through the shitty app itself.