🆕 blog! “Password Resets in an Age of MFA”

Recently, WordPress got in contact with me to say they suspect that my password was exposed in some sort of data breach. Well, it's a day ending with a "y" - so of course some scumbag has pilfered my digital identity. WordPress mandated that I change my password. But was that really necessary? Firstly, the […]

👀 Read more: https://shkspr.mobi/blog/2024/07/password-resets-in-an-age-of-mfa/

#2fa #CyberSecurity #MFA #passwords #totp


Discussion

Btw, I dunno how good of a match this is for you but you could try something like Hugo to create a blog that looks dynamic but is actually just static web pages hosted on a cheap VPS. Tbh, I find the learning curve a little steeper than advertised but once you've got a template you're happy with, updates are easy. Just saying.

TOTP uses a shared secret that is also kept on the server side, so anyone gaining access to the server can imitate it. Now, if it was U2F there would be no shared secret (a plus), but then again, U2F can associate all sessions / messages to the same person (potentially a negative).

(updated, I meant U2F!)
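The shared-secret point in the comment above, as an added example that is not part of the original thread: an RFC 6238 TOTP computation showing that the server verifies a code by recomputing it from its own stored copy of the secret, so any copy of that stored secret produces codes the server accepts. The secret is the RFC 6238 test value, and `server_verify` and `demo` are hypothetical names chosen for this sketch.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the given Unix time."""
    counter = struct.pack(">Q", max(unix_time, 0) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def server_verify(stored_secret: bytes, submitted: str, unix_time: int,
                  window: int = 1) -> bool:
    """Server-side check: recompute from the stored secret, allowing
    +/- `window` time steps of clock drift."""
    return any(
        hmac.compare_digest(totp(stored_secret, unix_time + d * STEP), submitted)
        for d in range(-window, window + 1)
    )


# Constructed sample: the ASCII test secret from RFC 6238, not a real seed.
SECRET = b"12345678901234567890"


def demo(now: int = 59):
    app_code = totp(SECRET, now)    # what the user's authenticator app shows
    copy_code = totp(SECRET, now)   # what any copy of the server's record yields
    return app_code, copy_code, server_verify(SECRET, copy_code, now)


if __name__ == "__main__":
    print(demo())
```

Because verification needs the secret in recoverable form, it cannot be stored as a one-way hash the way a password can.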