Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
The idea with passkeys though is that it’s like a dongle, not just your phone number. It’s not an SMS code or link, it uses the cryptography hardware of your phone to authenticate. But the question of “what happens if I lose my phone” still persists.
“5 ways to hack 2FA” is pretty click-baity though. All of those attacks are either not exclusively related to 2FA or could target another component. If you can just bypass security altogether, instead of questioning 2FA, you should consider ditching that service/site.
All except point 1, that is. But everyone should know by now that 2FA by SMS is insecure.
The idea with passkeys though is that it’s like a dongle, not just your phone number. It’s not an SMS code or link, it uses the cryptography hardware of your phone to authenticate. But the question of “what happens if I lose my phone” still persists.
https://fidoalliance.org/passkeys/
https://developer.apple.com/passkeys/
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/amp/
I mean it’s just 2fa without the password so same issues with what I described
https://www.csoonline.com/article/570795/how-to-hack-2fa.html
just the first result on google
“5 ways to hack 2FA” is pretty click-baity though. All of those attacks are either not exclusively related to 2FA or could target another component. If you can just bypass security altogether, instead of questioning 2FA, you should consider ditching that service/site.
All except point 1, that is. But everyone should know by now that 2FA by SMS is insecure.