118
Authy Users' Phone Numbers Compromised via Twilio API Vulnerability
(www.bleepingcomputer.com)
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
Let this be a reminder not to use Authy or Google Auth or Microsoft Auth if you can help it. Your best bet if you can help it is a Yubikey or Nitrokey. If you can't far better to go with Aegis or Ente Auth. If you need easy sync across devices, Aegis has that, but most of the security experts I know recommend going with 1Password as your MFA solution with sync. I personally don't trust 1Password as a for profit corporation, but I also accept I don't get paid to know about computer security to the degree that an actual security expert is
I'd recommend bitwarden's dedicated 2F authentication app. The company is regularly audited and they post the results at https://bitwarden.com/help/is-bitwarden-audited/