Hacker News

I want to use this, but this post gave me pause:

https://x.com/blader/status/1800263787746066646

"apple sherlocked 1Password today, so i'd like to remind you that your Apple ID is only as secure as your carrier.

if you have 2FA on and get SIM swapped, attackers can lock you out of it PERMANENTLY.

last month it happened to me. make sure it doesn't happen to you: "

Getting locked out of all my passwords would be pretty disastrous. Did Apple announce a change to the account lockout procedure as well?



You can add security keys as a 2FA method and it will disable use of the trusted phone number for authentication.


What happens if you have the RecoveryKey set, like the actual generated Recovery code? If that's set, can you always reestablish access?


This. I don't think most people realize how many eggs they put into one basket. Every service that can be used for MFA (email, token, password manager) should have its own separate barriers of entry to make total compromise as difficult as possible.



