Nemeski@lemm.ee to Technology@lemmy.worldEnglish · 11 months agoOver 5,300 GitLab servers exposed to zero-click account takeover attackswww.bleepingcomputer.comexternal-linkmessage-square40fedilinkarrow-up128arrow-down10
arrow-up128arrow-down1external-linkOver 5,300 GitLab servers exposed to zero-click account takeover attackswww.bleepingcomputer.comNemeski@lemm.ee to Technology@lemmy.worldEnglish · 11 months agomessage-square40fedilink
minus-squareLmaydev@programming.devlinkfedilinkEnglisharrow-up0·11 months agoGoogle is moving that way with passkeys. I think it’ll catch on with many people. Just cut the passwords out and go straight to unlocking with a device. That said not sure what happens if you lose your device.
minus-squareBaines@lemmy.worldlinkfedilinkEnglisharrow-up1·edit-211 months agodon’t even have to lose the device phone is the most common, plenty of ways in from mitm attacks (insecure wifi for example) to social eng the account phone provider guess you could go the dongle route but if it was super common thieves would just target them
minus-squareasdfasdfasdf@lemmy.worldlinkfedilinkEnglisharrow-up1·11 months agoI think the question is less about getting hacked and more about getting permanently locked out of your account.
minus-squareBaines@lemmy.worldlinkfedilinkEnglisharrow-up2·11 months agosure but it shouldn’t be, any good process will have some recovery method course that can be a vulnerability as well thank god recovery questions are dead
Google is moving that way with passkeys. I think it’ll catch on with many people.
Just cut the passwords out and go straight to unlocking with a device.
That said not sure what happens if you lose your device.
don’t even have to lose the device
phone is the most common, plenty of ways in from mitm attacks (insecure wifi for example) to social eng the account phone provider
guess you could go the dongle route but if it was super common thieves would just target them
I think the question is less about getting hacked and more about getting permanently locked out of your account.
sure but it shouldn’t be, any good process will have some recovery method
course that can be a vulnerability as well
thank god recovery questions are dead