Synthetica has quit [Quit: Connection closed for inactivity]
pie_ has joined #nixos-security
tilpner has quit [Ping timeout: 246 seconds]
pie__ has joined #nixos-security
lassulus_ has joined #nixos-security
pie_ has quit [Ping timeout: 246 seconds]
lassulus has quit [Ping timeout: 250 seconds]
lassulus_ is now known as lassulus
pie__ has quit [Ping timeout: 240 seconds]
pie__ has joined #nixos-security
__Sander__ has joined #nixos-security
r5d has joined #nixos-security
pie__ has quit [Ping timeout: 245 seconds]
r5d has quit [Quit: WeeChat 2.3]
tilpner has joined #nixos-security
erictapen has joined #nixos-security
erictapen has quit [Ping timeout: 240 seconds]
erictapen has joined #nixos-security
Synthetica has joined #nixos-security
rain1 has quit [Ping timeout: 250 seconds]
__Sander__ has quit [Read error: No route to host]
erictapen has quit [Ping timeout: 268 seconds]
pie_ has joined #nixos-security
erictapen has joined #nixos-security
MichaelRaskin has joined #nixos-security
<MichaelRaskin>
Aha, so the real goal of enforcing 2FA was to avoid the 2FA-persistence scenarios when _attacker_ enables 2FA?
<gchristensen>
oh shit, what?
<gchristensen>
I mean, *hem*, yes of course!
<MichaelRaskin>
There is a nice article linked from Lobste.rs
<MichaelRaskin>
Various providers, as usual, fail at 2FA (Google included): if you steal password, enable 2FA, login but do not enter 2FA and keep the session alivem then you can finish the login even after the original owner changes the password
<gchristensen>
whoa.
<MichaelRaskin>
A-a-a-nd Microsoft and Facebook refuse to care (Google tries to fix it)
pie__ has joined #nixos-security
pie_ has quit [Remote host closed the connection]
tilpner has quit [Quit: WeeChat 2.3]
Synthetica has quit [Quit: Connection closed for inactivity]