A developer details a frustrating bug in GitHub's 2FA system that prevents removing SMS authentication without adding an authenticator app first.
Explores the security trade-offs of storing 2FA TOTP codes in a password manager versus a separate authenticator app.
A technical guide on extracting 2FA secrets from the abandoned Authenticator Plus iOS app using SQLCipher and Ruby.
A step-by-step guide on how to change the TOTP-based two-factor authentication app linked to your GitHub account.
A developer shares a personal checklist for securing and recovering Android devices in case of loss, theft, or damage.
A technical guide explaining how to implement TOTP-based two-factor authentication, including code examples in Python and Hare.
A developer shares practical tips and warnings for using YubiKeys for 2FA, SSH authentication, and sudo prompts to enhance security.
A guide to enforcing AWS IAM 2FA and scripting logins for secure, automated command-line access.
A technical guide on automating the bypass of two-factor authentication (2FA) for use in scripts and automated testing.
Explains the subtle but critical security difference between SMS-based Two Factor Authentication (2FA) and insecure SMS-based account recovery.
A tutorial on setting up two-factor authentication for SSH and PGP keys using the Krypton tool, storing keys on a mobile device.
