OpenSecurity.global

Chase Thompson

Members
  • Content Count

    4
  • Invited by

    Yuu Chan

Community Reputation

2 Neutral

Personal Information

  • Bio
    Pentester

  1. I used Google auth, but also backed up the secret offline, which I think is a reasonable thing to expect from a community of infosec people. My issue with Twitter and Google is the all-or-nothing approach to the SMS piece.
  2. I think TOTP is a great solution and I am baffled that Google and Twitter require SMS fallback for TOTP. They require you to enable SMS before TOTP and then they disable all 2FA if you remove your phone. I assume that the reasoning is, "We don't want to have to deal with every user that loses a phone". That's fair, but you wouldn't have that problem if you made it easier for users to back up the secret seed for the TOTP generation. Mandatory SMS fallback is both an invasion of your privacy and makes you vulnerable to SIM swapping.
  3. Hello, I am an infosec analyst and pentester. I do vulnerability assessments, run tools, test controls, read policy, write reports... I am glad to be here. I hope I can contribute but I mostly exist to learn.