reply on: Even VPs at Blockstream are getting phished. Do not answer the phone. \ stacker news ~security

pull down to refresh

10 sats \ 5 replies \ @k00b OP 18h \ parent \ on: Even VPs at Blockstream are getting phished. Do not answer the phone. security

It can, but not if you're using something like google auth and syncing it to your gmail account. Because once they gain access to your gmail account, they have access to your 2nd factor auth method and can login to any accounts that use those two factors. That's why many of these attackers go after the gmail account.

20 sats \ 4 replies \ @NovaRift 18h

No, I don't use G Auth; I've heard it's dangerous as they don't encrypt keys. I use Aegis and Bitwarden. I have separated things so they don't get connected. Thanks.

12 sats \ 3 replies \ @WeAreAllSatoshi 18h

I think Google Authenticator is fine as long as you don’t enable the cloud sync feature or whatever it’s called. I haven’t don’t a thorough analysis of it, though

0 sats \ 2 replies \ @NovaRift 18h

But there isn't even a point connecting everything to one service when you have such better alternatives.

Read this :

https://www.keepersecurity.com/blog/2024/07/03/google-authenticator-vs-keeper/

Google Authenticator does not provide end-to-end encryption, which makes it susceptible to hackers. If there's a data breach or someone compromises your Google account, all your 2FA secrets will be unprotected.

30 sats \ 1 reply \ @WeAreAllSatoshi 17h

Yea I’m not making such a recommendation. I’m just speaking to the sync feature

100 sats \ 0 replies \ @NovaRift 17h

Gotcha! thanks.