Comment by tadamcz
3 months ago
Using a security key as 2FA instead of TOTP would have prevented this attack, right?
If you maintain popular open source packages for the love of God get yourself a couple of security keys.
3 months ago
Using a security key as 2FA instead of TOTP would have prevented this attack, right?
If you maintain popular open source packages for the love of God get yourself a couple of security keys.
Well, that would also require all the services to support webauthn/FIDO, which a lot of them don't. Some who do support it only allow one key or trivial bypass via "security questions".