I wish I could turn off mandatory 2fa. I wish it gave me a pop-up that said “Not using 2fa is less secure and puts your account at risk. Are you sure you want to do that?” and I could click “yes” and never have to enter a fucking code from a text ever again
Saw a stupid post that I'm not going to reblog but y'all get to hear about this now:
Yes multi factor authentication is annoying. Yes it is frequently inequitable. HOWEVER. The solution is NOT "we should get rid of MFA". That is how you get hacked. That is how your grandparents (or frankly YOU) lose their life savings to one sketchy link.
There are many ways we should improve MFA. The "text me a code" option should NEVER be the only option (it's inequitable + less secure) and tech companies should be forced (taxed) to hand out yubikeys for free at the public library or smth.
I get it. Everything is getting worse and this seems like just another shitty thing tech companies are forcing on you. But MFA is not enshittification. It is ESSENTIAL cybersecurity. It needs to be made accessible to everyone because it is increasingly the only way to keep your identity and money secure.
It's also worth considering that the people who have difficulties using MFA (limited tech knowledge, no access to a cell phone, etc) are often the ones MOST at risk having their life blown up by a phishing attack. The solution here is not to make their accounts less secure.
I’m only posting this because someone might see it and panic.
Amazon was not hacked*. She was hacked. Most likely she inadvertently got phished (sent an official-looking email or text with a link designed to get you to enter your login information on a fraudulent site).
Amazon rarely sends emails out that require immediate action. Don’t click any weird links.
Use your browser’s random password generator. Let go of the idea that you need to remember your passwords. And definitely stop using the same password on multiple sites.
Make sure 2-factor authentication (2FA) is on. If you’re one of those people who thinks 2FA is inconvenient, stop being that person. If your login credentials are stolen, 2FA is the first line of defense. The most convenient method is to have a code sent via text. You’ll be immediately notified if someone tries to sign in to your account, and you don’t need a smartphone. Authentication apps are slightly faster and a bit more reliable, but they of course require a smartphone.
*There was a recent breach of the European Commission database, but that would not have made her account vulnerable in this way.
Mutuals please, I'm begging you. Turn on two-factor authentication.
Also, if you get a message and you THINK you might be scammed, please reach out to your local friendly neighborhood I.T. guy. If you don't have one, please reach out to ME, because losing your account SUCKS and is an awful, awful place to be.
I work at a university. To use email, cloud storage and all sorts of other things at the university, you need a password and, if you are working from home, something extra on top: the infamous "Two-Factor Authentication", or 2FA for short. At first I simply got a text message to my phone as the second factor; I have forgotten exactly how that worked. But at home I have almost no mobile reception. So a while ago I switched to the 2FA app (or rather one of the apps; the university uses several, depending on the context, it is not made easy). When I log in, I am shown a numeric code that I then have to enter via the app.
A week ago I received an email saying that this app will soon stop working on my older-model Android phone. "Older model" means "not bought just yesterday" or thereabouts. I was told I should take care of it. As an alternative I was offered a token. Three days later the token arrived in my office: a plastic thing with a display and a lanyard. It looks tremendously competent.
The next time I log in from home, I switch the 2FA over to token mode. A six-digit code appears on the token, I enter it in the browser when logging in, and I am in. The whole thing seems odd to me, because this little thing surely does not communicate with the university. It does not, as I am told. The token has a number that the university network knows. From that number it generates a code from which the university recognises that it is me. I do not know any more details than that. And this is what the device looks like, the one I will certainly soon spend hours searching for around the flat.
You should always be able to make assessments based on risk.
The issue is that calculating the risk of being hacked isn't what you think it is (probably).
Most people look at the risk like this:
Why would a hacker target me? I'm nobody, I'm unimportant. This is just my fanfic account, if they want my smut, they can have it. If they want my spam mails from Amazon, they can have my email.
But that's not the actual risk.
So let's look at that together.
Let me start by asking you about your password.
How did you create it?
Do you use it anywhere else?
If it's generated by a password manager, is that password manager the one built into your browser?
How long is it?
When you added complexity to it, did you just add a 1 to the end? Your birth year? Maybe an underscore between words?
All of these things should be factoring into your risk calculation.
You can see my password advice and how easy it is to crack a password here.
So why the hell does this matter to the odds?
Let's say you use the browser-native password manager to create that password - what else could they potentially have access to, if they have that password? Your Google account? Do you have a banking app on your phone? Do you store your banking password in your browser-native password manager? What else is in there?
Risk isn't just inherent to the one thing that someone may have access to, it's lateral.
If someone gains access to one thing, what else can they gain access to?
Crowdstrike has a good summary of lateral movement here.
Effectively, any attacker, once they have access, may try to access other things - the higher the value, the higher the odds.
Do you value your banking information? Of course you do! So how can someone get from accessing your Gmail to your banking? Is the app installed on your Android phone? Is the password the same? Is the password stored in your Google password manager? All things you have to consider for risk.
I know what you're thinking: that's all well and good, but what are the actual odds someone's going to target me?
You specifically? Some random unknown person on the internet? A direct target on you yourself? Probably not that high, to be honest.
But that's not where the conversation ends.
Because you don't have to be the specific target to get hacked, you just have to be the easiest.
Let's look at an example: call centre scammers.
They have no idea who's calling them.
They didn't specifically put that fake virus message on your computer, they just put it out in the wild and let it go nuts. Whoever calls, calls.
It's the same for your online accounts and information.
A bad actor can obtain your login information from any given data breach on the dark web. (You can check haveibeenpwned to see if your email's been in a breach. If it has, change your password right away anywhere you use that password/email combination, and check your account activity/logins.)
Which means that in a majority of cases, they already have your login information.
And not because you necessarily were the target, but because you were easy.
Also, you have to consider the version of something you're using.
I know we all hate updating our software.
Upgrading from Windows 10 to 11.
Installing that next update that gives the app a new look you just don't like, so you avoid it to keep the old look.
But hidden behind those updates are security patches, things that make your system more secure against attacks.
And if you're avoiding those updates and your computer is on the internet, someone can easily find you.
There's a whole-ass tool online out there that people can use to look for out of date systems.
Again, they're not targeting you, they're targeting the weakness that you're broadcasting to the world.
All it takes is one quick search and a random click on a red dot that happens to be your computer.
Update your computer, get a different operating system if you have to.
If you're not using your system for anything too heavy or Steam games, try something like Linux Mint or ZorinOS, which are designed to have a similar feel to more classic Windows experiences.
Get a password manager.
PC Mag has a list of free password managers for 2026 here, if you can't afford a paid version.
When considering risk, if you are weighing the odds that you specifically are the target, stop right there. Instead, consider whether you are an easy target.
And FFS get MFA set up. If you don't want to use Google or Microsoft, Proton has one you can use.
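The breach check the post points to (haveibeenpwned) also has a Pwned Passwords range API that lets you test whether a password has appeared in a breach without disclosing it: the client sends only the first five hex characters of the password's SHA-1, the server returns every known hash suffix with that prefix, and the match is done locally (k-anonymity). This is an added example and not code from any post here; it implements that range query with the network fetch injected as a parameter, and a constructed stand-in response is used in place of the API so it runs offline (the hash suffix for "password" is real, the counts and the other suffixes are made up). `fetch_range_live` uses the documented endpoint for real checks.

```python
"""Added example: k-anonymity password check against the Pwned Passwords range API.
Only a 5-character SHA-1 prefix leaves the machine; the full hash is never sent."""
import hashlib
import urllib.request
from typing import Callable

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the uppercase hex SHA-1 into the 5-char prefix sent and the 35-char suffix kept."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_body(body: str) -> dict[str, int]:
    """The response is one `SUFFIX:COUNT` pair per line; malformed lines are ignored."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times the password appears in the breach corpus (0 = not seen)."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Real fetch for `breach_count`; needs network access."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for the API response so the example runs offline.
# The first suffix is the real SHA-1 tail of "password"; every count and the
# other two suffixes are made up for illustration.
SAMPLE_RANGE_BODY = "\n".join([
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824",
    "0" * 31 + "AAAA:3",
    "F" * 35 + ":12",
    "not a valid line",
]) + "\n"


def fetch_range_sample(prefix: str) -> str:
    """Offline substitute for fetch_range_live (ignores the prefix)."""
    return SAMPLE_RANGE_BODY


if __name__ == "__main__":
    for pw in ("password", "a-constructed-unique-passphrase"):
        n = breach_count(pw, fetch_range_sample)
        print(f"{pw!r}: seen {n} times in breaches" if n else f"{pw!r}: not in the sample range")
```

A password manager can run this same check on every stored credential; a non-zero count is a signal to change that password everywhere it is reused, which is the "change it right away anywhere you use that combination" advice above made automatic.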