Heroku removes SMS as an MFA Verification Method


We all know SMS two-factor auth is very dangerous due to its insecure nature, but we don’t often hear of companies actually doing anything about it. Most won’t remove SMS two-factor auth because they want your phone number so they can better target you with ads. Hopefully we start to see more people follow this trend, as everyone else is just playing security theatre.

A Hacker Got All My Texts for $16


This has long been true, but for some reason it still needs to be said: two-factor authentication over text message makes you less secure than not having it.

Why I Actively Discourage Online Tooling like `jwt.io` and Online JSON Validators


I’ve seen people at every place I’ve worked just… share things like this with any webpage with a text input box and it’s never sat right with me. It’s such an easy way to social engineer your way into free personally identifiable information.

