539
Just Microsoft Things™ (programming.dev)
submitted 3 days ago by irelephant@programming.dev to c/iiiiiiitttttttttttt@programming.dev
66 comments fedilink hide all child comments

TranscriptA wafrn woot (post) by @tinker@infosec.exchange saying "Microsoft Authenticator needs me to validate with Authenticator in order to log in with Authenticator to use it to authenticate another app with Authenticator. Here is the app telling me to open itself to validate itself with itself. #infosec #iHateComputers" It has a screenshot showing the microsoft authenticator app.

you are viewing a single comment's thread
view the rest of the comments
[-] CosmicTurtle0@lemmy.dbzer0.com 3 points 2 days ago

I've started employing one physical hardware token as my primary means of MFA and a TOTP or backup codes if the website provides them.

I have two backup hardware tokens (so three total) but it's become impractical to keep them all in sync. And not all websites support multiple hardware tokens.

My initial idea is to have a key locked at home in the event that I lose my primary key. The third was just a spare I got at work.

Also the number of websites that don't have proper MFA that really should amazes me.

E-Trade has that shitty symanticVIP MFA. My primary bank still does cell phone MFA with no plans to do TOTP.

Honestly, the bare minimum should be TOTP.

And remember kids: passkeys by themselves are not MFA.

this post was submitted on 29 Apr 2025
539 points (100.0% liked)

iiiiiiitttttttttttt

474 readers
785 users here now

you know the computer thing is it plugged in?

A community for memes and posts about tech and IT related rage.

founded 1 week ago
MODERATORS
irelephant@programming.dev
Irelephant@lemm.ee