Recent twts in reply to #kaggk6q

How Google Authenticator made one company’s network breach much, much worse | Ars Technica


WHY are these big companies treated as though they are the be all and end all of infosec? These are rookies errors they’re making, at scale.

Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option.

⤋ Read More


Login or Register to join in on this yarn.