Laraguard – Two Factor Authentication via TOTP for all your Users out-of-the-box.

Two Factor Authentication via TOTP for all your Users out-of-the-box. This package adds a Contract to detect on a per-user basis if it should use Two Factor Authentication. It includes a custom view and a listener to handle the Two Factor authentication itself during login attempts. It is not invasive, but you can go full …

HTML attributes to improve your users’ two factor authentication experience

There are plenty of opportunities for friction in the user experience when logging in, particularly while entering a two factor authentication code. As developers we should be building applications that support the need for account security but don’t detract from the user experience. Sometimes it can feel as though these requirements are in a battle …

Is 2FA using SMS Secure?

In case you were still in doubt after this SIM port horror story from back in May: We examined the authentication procedures used by five prepaid wireless carriers when a customer attempts to change their SIM card, or SIM swap. We found that all five carriers use insecure authentication challenges that can easily be subverted …

How to Steal a Tesla and What You Should Do to Protect Yourself

It’s possible to unlock and start a Tesla using only a driver’s App username and password (without the need of a key nor the pincode to unlock the onboard dashboard!). Let this be a reminder to never trust free Wifi; especially not Wifi that requires you to “log in” (*). Also: Services like these …

The Most Expensive Lesson Of My Life: Details of SIM port hack

Sean Coone got hacked last week. Even with 2FA enabled, hackers got in … because his phone number got transferred to a rogue device: My personal identity was hacked last week. The attacker was able to steal $100k+ in a sweep of my Coinbase account. I’m equal parts embarrassed, hurt, and deeply remorseful. In an …

TIP: Enable Two Factor Authentication (2FA) with your NPM account

Since early October it’s possible to enable Two Factor Authentication with your NPM account. 2FA is another layer of defense for your account, preventing third parties from altering your code even if they steal or guess your credentials. This is one of the easiest and most important ways to ensure that only you can access …