MFA on a smartphone

Multi-factor authentication (MFA; aka Two-factor authentication aka 2FA) makes access to things more secure. However, how to do it from the same smartphone seems to be an afterthought. First, if someone has the smartphone which is used to generate the code, receive the text, answer the phone call, or confirm the access, then is MFA…

Email Changes

Ran across a site where if one changes the email address associated with the account, it sends the confirmation email to the new address. Say, I am a Blackhat and used a phishing attack to get the password for the account. Having legitimately logged in, I then change the email address associated with it from victim@outlook.com…

Verification Codes

One would hope that verification codes would be extremely random. More randomness makes it harder for a malicious entity (person or computer) to guess the code. Less randomness makes it easier. With all the Two-Factor Authentication (2FA) out there, we hope there is enough randomness in these methods to make them unguessable by someone attempting to…