Collaborate Disseminate
GitHub recently reminded me to save backup codes to avoid losing access to my account. I wrote down my codes a few years ago and haven’t taken further action since. However, I’m now wondering: do backup codes ever expire? Should I occasion… Continue reading Can I rely on my backup codes to remain valid indefinitely?
I’ve enabled 2FA on my website. During tests, I’ve noticed that users can use the 2FA codes multiple times. How can I ensure that each code can only be used once?
Continue reading How to prevent 2FA codes from being used multiple times?
Currently I am working on implementing/supporting WebAuthN in my service (JAVA). I have a Control Plane which handles the registration ceremony and Data Plane that handles the authentication ceremony. I am using WebAuthN4J. The persistent … Continue reading Is clientDataJson and attestationObject required to verify assertion during authentication in WebAuthN?
How can I bypass Gmail 2FA by using metasploit payload? The problem is not to dump the sms, the problem is that they send pair of numbers to click on from device that have login Gmail in that. Like click on "83" from your phone.
… Continue reading Bypass Gmail MFA using metasploit [closed]
During security audits I’ve seen several times that DevOps made a ‘special’ user account for CI/CD pipelines, especially when using Azure DevOps. Often this user is the only user where multi-factor authentication (MFA) is disabled, which I… Continue reading Do CI/CD pipelines in Azure DevOps require a dedicated user without MFA?
Sometimes when you try to log in to a newly-created Google account, Google will block your log-in attempt saying "We’ve detected unusual activity on the account that you’re trying to access," and ask you to enter a phone number t… Continue reading How is Google’s phone policy more secure? [duplicate]
My question is about the security of having "circular dependencies" in email recovery. I.e., is option 1:
A@gmail.com -> B@gmail.com -> A@gmail.com
better than option 2:
A@gmail.com -> B@gmail.com
with no recovery emai… Continue reading Circular dependencies in email recovery
I try to implement a secure user login in my .net application. The first password is hashed with argon2id. The salt and the hashed password is stored in a database. SSL encryption and HttpOnly Cookie is used.
Now i want to add a multifacto… Continue reading Whats the safest way to store 2fa/mfa secret key in database?
I was being harassed by a phone number, and when I tried to get details about it from the company whose SIM was being used, they said that the number is not registered with them. The company also mentioned that the number might be using a … Continue reading I want to know about some techniques to get phone number information
I was being harassed by a phone number, and when I tried to get details about it from the company whose SIM was being used, they said that the number is not registered with them. The company also mentioned that the number might be using a … Continue reading I want to know about some techniques to get phone number information