Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
  • Lmaydev@programming.devEnglish
    0·
    8 months ago

    Google is moving that way with passkeys. I think it’ll catch on with many people.

    Just cut the passwords out and go straight to unlocking with a device.

    That said not sure what happens if you lose your device.

    • Baines@lemmy.worldEnglish
      1·
      8 months ago

      don’t even have to lose the device

      phone is the most common, plenty of ways in from mitm attacks (insecure wifi for example) to social eng the account phone provider

      guess you could go the dongle route but if it was super common thieves would just target them

      • asdfasdfasdf@lemmy.worldEnglish
        1·
        8 months ago

        I think the question is less about getting hacked and more about getting permanently locked out of your account.

        • Baines@lemmy.worldEnglish
          2·
          8 months ago

          sure but it shouldn’t be, any good process will have some recovery method

          course that can be a vulnerability as well

          thank god recovery questions are dead