SECURITY: STUPID secondary identification

http://gizmodo.com/how-hackers-reportedly-side-stepped-gmails-two-factor-a-1653631338

How Hackers Reportedly Side-Stepped Google’s Two-Factor Authentication
Kelsey Campbell-Dollaghan

*** begin quote ***

Writing on Ello, Blakeman describes how hackers gained access to his Instagram account through his Gmail. Even though he had two-factor turned on, the hackers were able to reset his Instagram password through Gmail and take control of his account (which has since been restored). So how did they do it? Blakeman says that Wired’s Mat Honan, himself a veteran of an epic hack, helped him by suggesting he check with his cellphone provider.

It turns out his number had been forwarded to a different number—which is how the hackers gained access:

“The attack actually started with my cell phone provider, which somehow allowed some level of access or social engineering into my Google account, which then allowed the hackers to receive a password reset email from Instagram, giving them control of the account.”

*** end quote ***

I suspect it’s those STUPID secondary identification authenticators!

Once again, if your mother’s maiden name isn’t “R2D2GMAIL” at Google and “R2D2AMAZON” at Amazon, then you are asking to be hacked.

Sorry, but, I use LASTPASS and just keep the secondaries in the notes. 

AND, I never reuse a password anywhere!

YMMV.

# – # – # – # – #   

Please leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: