Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
I don’t know about windows specifically, but for outlook they’re pushing their authenticator app (you can use any) and SMS or email one time links. I think it works really well, and almost all attempts to access my account have stopped tbh, they can’t phish for my password if I don’t have a password.
I don’t know about windows specifically, but for outlook they’re pushing their authenticator app (you can use any) and SMS or email one time links. I think it works really well, and almost all attempts to access my account have stopped tbh, they can’t phish for my password if I don’t have a password.
Yeah this is being standardized at the mobile hardware level now with
https://fidoalliance.org/passkeys/
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
That reverse-code thing is super annoying. The next vector is through the shitty app itself.