Raspberry Pi IPOs, software launches, updates, a spotlight on #Wag - a #WireGuard management solution with client #MFA support, and more in this week's self-hosted recap!
Key point is this: "companies and end users should always use multi-factor authentication to lockdown accounts when possible and ensure it’s compliant with the #FIDO standard when available. #MFA available through push notifications or one-time passwords provided by text, email, or authenticator apps are better than nothing, but as events over the past few years have demonstrated, they are themselves easily defeated in credential phishing attacks" #webauthn#2fa
Am Donnerstag legten bundesweit rund 2.000 Beschäftigte in Arztpraxen die Arbeit nieder, der Verband medizinischer Fachberufe hatte zum Warnstreik aufgerufen. Die Forderung: bessere Arbeitsbedingungen und mehr Gehalt. 🩺
Praxismanagerin Jana August wollte mit dem Warnstreik auch für mehr Anerkennung ihres Berufs kämpfen. "Wir sind diejenigen, die den Laden am Laufen halten", sagt die Hamburgerin. 🥼
For my hackathon project I did try to make CFA (Cat Factor Authentication, using your cat's microchip as a second factor) a thing 😆 The project did win a prize, but more for the experimentation then the actual result https://wpengine.com/blog/hackathon-december-2023/
I've been thinking about getting a hardware security key and have heard of yubikey before; but I want to see what my options are and if they are worth it in your opinion.
My current setup is a local KeePassXC database (that I sync between my PC and phone and also acts as TOTP authenticator app), I know that KeePass supports hardware keys for unlocking the database.
I am personally still of the belief that passwords are the safest when done right; but 2FA/MFA can greatly increase security on top of that (again, if done right).
The key work work together with already existing passwords, not replace them.
As I use linux as my primary OS I do expect it to support it and anything that doesn't I will have to pass on.
PS: what are the things I need to know about these hardware keys that's not being talked about too much, I am very much delving into new territory and want to make sure I'm properly educated before I delve in.
Creepy dude: “I’m gonna hack you!”
Me: “Free #pentest ? Sounds good”
Creepy dude: I SAID IM GONNA #hack YOU! Be scared, female!
Me: This dude is gonna test my #systems for free. I was just gonna pay someone a chunk of change.
Me: noooooo dont!
Creepy guy: tries to get in my accounts, repeatedly fails bc i got a yubikey in my clit ring bc crazy person
Me: well… at least hardware authentication works.
Tipp Nr.7: Verwende starke und einzigartige Passwörter für deine Konten. Mit »stark« ist gemeint, dass das Passwort möglichst lang ist (ab 16 Zeichen aufwärts) und zufällig entstanden ist. Die Verwaltung von den Zugängen/Konten solltet ihr über einen Passwort-Manager bewerkstelligen. Für zusätzliche Sicherheit: Zwei- oder Mehr-Faktor-Authentisierung (#2FA, #MFA) bspw. via TOTP, FIDO/U2F.
Careful with the 3rd party apps for #Lemmy that are popping. As Lemmy doesn't implement #OAuth, all those apps will directly ask you your login & password.
Also, I'd love to tell you to enable #MFA, but it can only be activated when browsing on mobile, and it's broken. I almost locked myself out of my account because the token was rejected. This may soon turn into a security nightmare.