this post was submitted on 14 Jun 2023
3 points (100.0% liked)

Cybersecurity


All sounds great until you lose your phone or FIDO device, or it’s stolen, or your facial login is spoofed, but still probably pretty great on the whole when combined with other methods.

top 6 comments
[–] MutatedBass@lemmy.world 3 points 1 year ago (2 children)

I am certainly no expert but I think conceptually they are neat so long as there is another way to access the account if, like you say, you lose the device or something else happens. In the current world of social media and AI, facial login would seem to me to be the furthest thing from secure.

[–] administrator@lemmy.pro 3 points 1 year ago

Agreed, they fall into the “something you have” category, which is great because it’s harder for a bad actor to obtain them, like they could obtain 2FA keys in some way, for example, nullifying their value. But as long as there is a failsafe backup way, like you say, I like it.

[–] crdz@lemmy.one 2 points 1 year ago

And with Adobe implementing AI into their Photoshop tools, like it's great for photo editing and making a smoother workflow, but there's always the negative side. And they did say that in the metadata it would show that an image had AI used on it, but the everyday consumer of media won't know and/or even think of checking into that.

https://www.engadget.com/adobe-adds-generative-ai-editing-to-photoshop-110034887.html

[–] crdz@lemmy.one 2 points 1 year ago (1 children)

I think it's a step in the right direction to get users to adopt MFA. I know too many people that still rely on using the same easy-to-remember password to log in to too many accounts, especially important ones, and are too "busy" to set up a password manager or even set up MFA through other methods. Having something built in would be good for them. My only concern is that this is something aimed at newer devices and not too much for legacy devices that may not have a Bluetooth-enabled desktop. Of course those are probably now viewed as not the norm for everyone, as now everything is done on newer laptops and phones that have everything built in to use these new technologies.

I also don't like having all my eggs in one basket, like relying on Google to protect my backup codes and MFA options while assuming they will use E2EE while transferring my data, which apparently they've already dropped the ball on their new feature of backing up information into the cloud by default.

[–] administrator@lemmy.pro 2 points 1 year ago (1 children)

Aye, thank you for the info on the lacking end-to-end encryption at Google Authenticator - I didn’t realize that. Big weak point there in the system.

[–] crdz@lemmy.one 2 points 1 year ago* (last edited 1 year ago)

No problem! And ya, for how big a company they are, this seems like a pretty big thing to be dropping the ball on, and with Google making the zip and mov domains I feel like they must be trolling people or something, trying to create more problems in the cybersecurity world, but that's up for debate also I guess.

Edit: added link to Medium write-up from researcher Bobbyr.

https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
