I maintain a test-suite for TOTP codes. It contains a bunch of codes which adhere to the specification, some of which stretch it to breaking point, and some that are completely invalid. These codes are a good starting point for checking whether a 2FA / MFA app works correctly. Proton have released a swish new authenticator app for Android, iOS, Mac, Linux and Windows. Sadly, their open source…| Terence Eden’s Blog
In episode 348 of This Week in WordPress, the panel dives into upcoming WordPress events, new features in Gutenberg (like the accordion block), and AI’s growing role in translation plugins. They discuss changes in the hosting landscape, including leadership updates, and touch on the legal battles between major players in the WordPress space. The conversation segues into community topics, conference planning woes, and even an amusing detour about alligators in Florida. It’s a lively blend ...| WP Builds
7 essential cyber safety tips for kids that every parent should start teaching now to protect their child (+ free downloadable checklist)| All Things Secured
In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they’re a strong alternative to passwords. If you’re a curious techie, check that out first.| blog.compass-security.com
Organizations should consider three-factor authentication (3FA), but the new device can't be used to authenticate from a foreign device.| Help Net Security
Looking for a free two-factor authentication app that works across platforms? Proton Authenticator offers broad import capabilities, iCloud sync, and thoughtful security features from a company you might actually have heard of.| TidBITS
Read more about what MFA options authentik supports (and why).| authentik Blog
We are pleased to announce the release of authentik 2024.10.| authentik Blog
How security consultant Troy Hunt got tricked by a clever phishing email and his Mailchimp account got compromised.| Help Net Security
The world is a dangerous place. Take some of the edge off by enabling Two Factor Authentication (2FA) on your WordPress sites in about 60 seconds.| LowEndBox
Phishing attacks continue to evolve, pushing even the most secure authentication methods to their limits. First advertised on cybercrime networks in late January 2025, Astaroth is a brand new phishing kit that bypasses two-factor authentication (2FA) through session hijacking and real-time credential interception. Astaroth utilizes an evilginx-style reverse proxy to intercept and manipulate traffic between […] The post Astaroth: A New 2FA Phishing Kit Targeting Gmail, Yahoo, AOL, O365, and ...| SlashNext
Have you ever wondered how vulnerable your business is to cyberattacks? According to recent reports, nearly 43% of cyberattacks target small businesses, often exploiting weak security measures. One of the most overlooked yet highly effective ways to protect your company is through Multi-Factor Authentication (MFA). This extra layer of security makes it significantly harder for […]| Forthright Technology Partners
Learn how phone number deactivation and recycling impacts fraud prevention and increases risk for the integrity of the end-user account.| Telesign
Cyber risks are everywhere in today’s digital world. People and companies can lose money, have their data stolen, or have their identities stolen if they use weak passwords or old authentication methods. A strong password is the first thing that will protect you from hackers, but it’s not the only thing that will do the […]| Forthright Technology Partners
A simple step-by-step tutorial to add Yubikey 2FA to your Vanguard account that will protect your investments from hackers & phishing.| All Things Secured
Step-by-step tutorial to add Yubikey 2FA to your iCloud account. Prevent phishing and protect your Apple iPhone, iPad, or Mac.| All Things Secured
This video brings attention to the importance of implementing 2FA, 3FA, MFA and upgrading your security awareness efforts.| Help Net Security
Build crazy-strong security with these password manager best practices that include double-blind passwords, random security answers & more.| All Things Secured
Fraudulent brokerage account transfers via ACATS are rare but devastating. Learn how to protect your accounts from ACATS fraud in this case study.| The Finance Buff
Discord accounts are getting hacked. This is my analysis of how most recent bookmarklet attacks work, with guidelines on what Discord can do to mitigate these attacks.| BREAKDEV
Welcome to 2019! As was noted, this will be the year of phishing automation. We've already seen a release of new reverse-proxy tool Modlishka and it is only January. This release would not have happened without the inspiration I received from Michele Orru (@antisnatchor), Giuseppe Trotta (@Giutro) and| BREAKDEV
Tis the season to be phishing! I've finally found some free time and managed to take a break to work on preparing a treat for all of you phishing enthusiasts out there. Just in time for the upcoming holiday season, I present you the chilly Evilginx update.| BREAKDEV
About 2 months ago, I released Evilginx 2. Since then, a lot of you reported issues or wished for specific features. Your requests have been heard! I've finally managed to find some time during the weekend to address the most pressing matters.| BREAKDEV
A plugin to support TOTP based Two Factor Authentication in OctoPrint >= 1.11.0.| OctoPrint Plugin Repository
While auditing internal infrastructure for Radically Open Security, I discovered a weakness in the devise-two-factor Time-based One-time Password (TOTP) library. With the help of Chris MacNaughton, we confirmed the vulnerability and informed the upstream vendor of the library. This article has some details about the vulnerability and disclosure.| invd blog
Two-Factor Authentication for WordPress| WordPress security plugin, firewall & anti-spam - Defender
How to limit the number of concurrent user sessions in WordPress| WordPress security plugin, firewall & anti-spam - Defender
We are happy to announce the release of Stalwart Mail Server 0.8.3! This latest version introduces two powerful security features: Two-Factor Authentication (2FA) with TOTP codes and Application Passwords. These additions are designed to enhance the security of your email accounts, providing robust protection against unauthorized access.| stalw.art
An attack on PyPI user accounts starting on March 31st, 2024.| blog.pypi.org
PyPI now requires 2FA for all users.| blog.pypi.org
PyPI will require 2FA for all users on Jan 1, 2024.| blog.pypi.org
PyPI requires 2FA for all management actions on TestPyPI.| blog.pypi.org
A PyPI user had their account taken over| blog.pypi.org
PyPI requires new users to enable 2FA before performing management actions.| blog.pypi.org
It is important to keep your digital lives safe from hackers or cybercriminals. Protecting your online privacy can help minimize the chances of identity theft. By taking just a few steps and making some changes to your devices and online accounts, you can protect your identity from third parties’ attempts to steal your data.| IPConfig.in - What is My IP Address?
I'm finally releasing the new update to Evilginx, together with the Evilginx Mastery video course, created to teach you everything you need to know about reverse proxy phishing and using Evilginx in the most efficient manner.| BREAKDEV
At the start of last week, we received great news regarding new improvements to a very popular security app, “Google Authenticator”. A feature it was lacking for a long time was finally implemented, “cloud backups”.| Gonçalo Valério
Evilginx becomes a relay between the real website and the phished user. Phished user interacts with the real website, while Evilginx captures all the data.| BREAKDEV
"Gone Phishing" 2.4 update to your favorite phishing framework is here. May the phishing season begin!| BREAKDEV
Disabling paste on password fields can increase security... despite claims to the contrary.| Paul Moore