The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘2FA/MFA’ Category

PayPal domains to enable JavaScript for

Posted by jpluimers on 2025/06/16

I have JavaScript disabled in my browser and had to enable it for these domains to get PayPal working:

Without the first and last, neither Captchas nor 2FA would work.

[Wayback/Archive] Netify.ai: PayPal – Domains, IPs and App Information (which I found via [Wayback/Archive] domains used by paypal – Google Search) only lists primary domains (not subdomains like the above) and contains both paypal.com and paypalobjects.com.

The list is by Netify.ai, the company having Deep Packet Inspection products around the open source engine [Wayback/Archive] pcbaldwin/netifyd: The open-source Netify DPI engine is a standalone deep packet inspection agent that provides a flexible and affordable DPI solution for gateways, firewalls, SD-WAN, WiFi, IoT and other OEM devices.

–jeroen

Posted in 2FA/MFA, Authentication, Power User, Security

September 2024 – Agust Tell HN: Twilio quietly removes Authy iOS app from Mac App Store, stops updates | Hacker News

Posted by jpluimers on 2025/05/05

Installing the Authy iOS app on an Apple Silicon Mac (M1/M2/M3/…) used to be the way to keep using Authy on the Mac desktop, as early this year Authy announced their desktop applications would shut down by August (links further below).

I missed the September 2024 post [Wayback/Archive] Tell HN: Twilio quietly removes Authy iOS app from Mac App Store, stops updates | Hacker News, which basically means that if you had it installed on a Mac, it will keep being installed but never updated.

This was done silently by Authy owner Twilio making new installs are possible, never updating old installs any more thereby effectively decreasing your security.

Anyway: if you want to try side-loading, this is the iOS app link: [Wayback/Archive] Twilio Authy on the App Store.

Sideloadly (links further below) might work, but in reality it likely is better to have your MFA running on a separate device.

Read the rest of this entry »

Posted in 2FA/MFA, Authentication, Power User, Security, TOTP (Timebase One Time Pads)

How to Weaponize the Yubikey – Black Hills Information Security

Posted by jpluimers on 2024/11/12

I totally missed this back in 2019 when having the first belly surgery (that eventually would lead up to discovering I had already had rectum cancer at that time): [Wayback/Archive] How to Weaponize the Yubikey – Black Hills Information Security.

Luckily I got a reminder: [Wayback/Archive] jilles.com on Twitter: “/me the asshole that spoils the magic trick …” after [Wayback/Archive] yan on Twitter: “who’s excited for defcon next week”

Read the rest of this entry »

Posted in 2FA/MFA, Authentication, Development, Hardware, Hardware Interfacing, Power User, Security, Software Development, U2F FIDO Security Keys, USB, USB

On my list of things to try: Cisco Duo MFA

Posted by jpluimers on 2024/10/29

At the time of writing [Wayback/Archive] Two-Factor Authentication & Data Protection | Duo Security is supposed to be free for up to 10 users.

That seems to be an excellent opportunity to re-learn MFA things as it has been a while since I have done big work in that area.

Duo was one of the very many Cisco acquisitions and I wonder how it fits into the Cisco landscape.

Documentation bits to start at:

Read the rest of this entry »

Posted in 2FA/MFA, Authentication, Development, Mobile Development, Power User, Security, Software Development, Web Development

Yet another reason not to use SMS based 2FA: those phone numbers get leaked or sold as Daniel Cuthbert mentioned on Twitter: “@LinkedIn did indeed sell my 2FA phone number”

Posted by jpluimers on 2023/12/06

Many recommend against using SMS for 2FA because of security reasons (SIM swapping, sniffing, etc), but there is another privacy+security reason: these 2FA phone numbers get leaked or sold as [Wayback/Archive] Daniel Cuthbert (@dcuthbert) found out the hard way last year:

–jeroen

Posted in 2FA/MFA, Authentication, GDPR/DS-GVO/AVG, Power User, Privacy, Security

How to set up OpenVPN with Google Authenticator on pfSense – Vorkbaard uit de toekomst

Posted by jpluimers on 2023/09/18

For my link archive: [Wayback/Archive] How to set up OpenVPN with Google Authenticator on pfSense – Vorkbaard uit de toekomst

Should work with Authy too.

Via: [Archive] Matthijs ter Woord (@mterwoord) | Twitter

–jeroen

Posted in 2FA/MFA, Authentication, Power User, Security

Help:Two-factor authentication – Wikipedia

Posted by jpluimers on 2023/09/06

For my link archive as this page contains instructions to request 2FA privileges at Wikipedia: [Wayback/Archive] Help:Two-factor authentication – Wikipedia

Checking whether 2FA is enabled

To determine whether your account has 2FA enabled, go to Special:Preferences. Under “Basic information”, check the entry for “Two-factor authentication”, which should be between “Global account” and “Global preferences”:

Viewing m:Steward requests/Global permissions#Requests for 2 Factor Auth tester permissions is possible to do without being logged on at Wikipedia, but for requesting the 2FA permission and accessing Special:Preferences you need to be logged on.

Visit [Wayback/Archive] Steward requests/Global permissions/2018-12 – Meta and look for “OATH tester” for some examples of motivations for requesting.

–jeroen

Posted in 2FA/MFA, Authentication, Power User, Security, SocialMedia, wikipedia

Only 2 weeks left to enable 2FA for your GitHub account

Posted by jpluimers on 2023/08/29

If you haven’t done so already, then enable 2FA for your GitHub account now: This will be a requirement in 2 weeks’ time.

The 2FA/MFA possibility started about half a year ago with [Wayback/Archive] Raising the bar for software security: GitHub 2FA begins March 13 – The GitHub Blog

You can have various means of 2FA, which all start with a choice between:

After completing either of those, you can view/download a set of backup codes, and you can add more factors to your Multi-factor authentication setup up to these:

Read the rest of this entry »

Posted in 2FA/MFA, Authentication, Development, DVCS - Distributed Version Control, git, GitHub, Power User, Security, Software Development, Source Code Management

Mysk 🇨🇦🇩🇪 on Twitter: “Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don’t turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.…”

Posted by jpluimers on 2023/05/10

Do not use the Google 2FA Authenticator to sync secrets across devices.

The why is explained in the (long) tweet by [Wayback/Archive] Mysk on Twitter: “Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don’t turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.…”

For similar reasons, you might not want to use Authy by Twilio to sync between devices either, though that is less insecure as it forces you to use a backup-password in order to sync these through the cloud: in the past that backup-password had few security restrictions so it was easy to use a relatively insecure password.

Related (most in Dutch):

Read the rest of this entry »

Posted in 2FA/MFA, Authentication, Google, GoogleAuthenticator, Power User, Security