I just got the email from haveibeenpwned. F Trello.

  • CosmicTurtle@lemmy.world
    10 months ago

    Yes but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.

    • never use the same username and password in two or more places
    • always use MFA, a hard token if you can like a yubikey
      • brian@programming.dev
        10 months ago

        all the root secrets are available in plain text in the generator app at some point, they have to be. moving that to a single purpose device greatly reduces the risk of vulnerabilities in your phone leading to exfiltration via internet connection

      • Kayel@aussie.zone
        10 months ago

        I cannot think of a use-case outside of statecraft. Maybe companies engaged, or being engaged, in corporate espionage.

    • Paragone@lemmy.world
      10 months ago

      Do you own a Yubikey?

      Have you ever succeeded in getting it to work with anything??

      It didn’t work with gmail, or any other online account I had.

      An absolute waste of $$.

      • brian@programming.dev
        10 months ago

        mine works for my personal google account, work one is sso and doesn’t have it enabled. otherwise gh, aws, auth0 support it, I’m forgetting some others I use. beyond that you can generate 2fa codes too

      • CosmicTurtle@lemmy.world
        10 months ago

        I use yubikey everywhere it’s available for me. Initially, the first few websites in the early years were challenging. I think a lot of devs were still trying to figure out the workflow.

        But today, it’s usually as simple, or simpler, than TOTP.

        So it might be worth trying again. I’d use a YubiKey 4 or higher if you can. If you have an older one, you may want to upgrade to take advantage of the newer technology like NFC and Bluetooth if you’re into that.

        I just wish YubiKey could store more than like 30 TOTP tokens.

      • CucumberFetish
        10 months ago

        Sounds like a skill issue.

        Have had yubikey for a few years. It was a pain to set it up initially, but it took me less than an hour if I remember correctly. Since then the only issue I have is that sometimes I accidentally bump into it and it pastes an OTK to a random place.