355
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
(www.bleepingcomputer.com)
this post was submitted on 28 Jan 2024
355 points (99.2% liked)
Technology
58135 readers
4926 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I am a fan of passkeys. Particularly because they essentially function as hardware 2fa, except they’re the only factor, which isn’t as big of a problem because it’s not something you can steal in a service breach like passwords. I’ve also noticed that even when using passkeys, most sites let you force a TOTP code as well anyway.
Very true, the big issue with them is a lot of popular hardware keys, including the yubikeys that I have, are limited to the number passkeys they can store (yubikey is 25 unique). Luckily password managers are starting to support them, but now you're back to having a strong password + hardware 2FA to store those passkeys anyway.
I do like TOTP or just hardware 2FA as a backup for my passkeys. What I really can't stand is sties that only offer SMS as 2FA, it makes me more angry than it probably should.
iPhones natively support passkeys, so at the very least the iOS user base can easily use them. Not sure about Android though.