Yes but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.
never use the same username and password in two or more places
always use MFA, a hard token if you can like a yubikey
all the root secrets are available in plain text the generator app at some point, they have to be. moving that to a single purpose device greatly reduces the risk of vulnerabilities in your phone leading to exfiltration via internet connection
mine works for my personal google account, work one is sso and doesn’t have it enabled. otherwise gh, aws, auh0 support it, I’m forgetting some others I use. beyond that you can generate 2fa codes too
Have had yubikey for a few years. It was a pain to set it up initially, but it took me less than an hour if I remember correctly. Since then the only issue I have is that sometimes I accidentally bump into it and it pastes an OTK to a random place.
Yes but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.
It’s a breach.
Attackers queried email addresses and trello responded with names and user names.
Physical token over TOTP authenticator?
all the root secrets are available in plain text the generator app at some point, they have to be. moving that to a single purpose device greatly reduces the risk of vulnerabilities in your phone leading to exfiltration via internet connection
I cannot think of a use-case outside of statecraft. Maybe companies engaged, or being engaged, in corporate espionage.
Do you own a Yubikey?
Have you ever succeeded in getting it to work with anything??
It didn’t work with gmail, or any other online account I had.
An absolute waste of $$.
mine works for my personal google account, work one is sso and doesn’t have it enabled. otherwise gh, aws, auh0 support it, I’m forgetting some others I use. beyond that you can generate 2fa codes too
I use mine with AWS.
Sounds like a skill issue.
Have had yubikey for a few years. It was a pain to set it up initially, but it took me less than an hour if I remember correctly. Since then the only issue I have is that sometimes I accidentally bump into it and it pastes an OTK to a random place.
Setting up: https://www.yubico.com/setup/yubikey-5-series/
Supported services: https://www.yubico.com/works-with-yubikey/catalog/
Google Accounts (for your gmail): https://www.yubico.com/works-with-yubikey/catalog/google-accounts/