Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> The attacker already had access to my Gmail, Drive, Photos — and my Google Authenticator codes, because Google had cloud-synced my codes.

Don't do that. Don't put your 2FAs somewhere else than in an unsynched app. Not in Bitwarden, not in any online account, nowhere else than "Something you have".



Just wondering what is the plan in case this thing you have gets lost?

And would you say that using something like authy with encryption using a totally unique password is safe?


Typically you print out recovery codes and keep them somewhere safe


most thefts are inside jobs, so somewhere safe would be to give them to a total stranger




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: