What a surprise: @bitwarden explains setting up 2fa with Tuta Mail (slide 39)! 😍

👉 bitwarden.com/resources/presen…

And rightly so: Because #encrypted email get even more secure with #2FA and #passwordmanagers 💪

Keeping your #encrypted mailbox safe & secure is our #passion. 🥰

In light of the news that Authy is discontinuing their desktop app in August of 2024, we want to let everyone know that Tuta supports all major authenticator apps & U2F keys. 🔐

No need to worry about compatibility when making the jump to a new authenticator app.🤹

👉 tuta.com/blog/posts/2fa-tutano…

#Yubikey #aegis #2FA #privacy

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.

TL;DR: Don't turn it on.

The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.

We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.

Why is this bad?

Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵

#Privacy #Cybersecurity #InfoSec #2FA #Google #Security

Microsoft Authenticator prompts the user to accept sharing analytics during the first launch. The prompt only dismisses when the user taps on "Accept." In fact, the app starts sending analytics even before accepting the privacy statement.🤦‍♂️

In this video, we downloaded the authenticator app from the App Store and we opened it as we monitored the iPhone network traffic. While the app was showing the permission prompt, we captured at least 3 calls made by the app sending diagnostics to Microsoft. The app sent 14 KB of analytics even before accepting the prompt.

The message on the prompt actually says that Microsoft needs to collect diagnostic data in order to keep Authenticator secure and up to date. 😵‍💫

#Privacy #Cybersecurity #2FA #InfoSec #Security #Microsoft

youtu.be/r5456XXG6v0

Privacy: Microsoft Authenticator sends analytics even before accepting the privacy statement

When opening Microsoft Authenticator for the first time after downloading it from the App Store, it prompts the user to accept sharing diagnostics with Micro...

^YouTube

Many iPhone users are asking us to recommend safe authenticator apps. Well, the App Store is making it useless to recommend any app. No matter what you search for, the top hit is almost always an ad for a scam app.

#Apple #AppStore #2FA #InfoSec

Tutanota: U2F support is now also available on #Android and #iOS

U2F keys are now supported on all @Tutanota clients.

(Tutanota is also an avoidthehack recommended encrypted email provider).

#mfa #2fa #privacy #cybersecurity #infosec #infosecurity

tutanota.com/blog/posts/app-up…

U2F support is now also available on Android and iOS.

Celebrate with us the new release of Tutanota!

^Tutanota