MFA
4 articles with this tag
What is phishing? The types of attack, and defenses surer than 'spotting it'
Phishing impersonates a trusted party to lure you to a fake login page and steal credentials or data (or run malware). It targets human judgment rather than a software flaw, and is the number-one entry route for ransomware and breaches. Modern adversary-in-the-middle (AiTM) phishing relays even one-time codes to the real site in real time, so SMS/app MFA can be defeated. The sure defense isn't 'spotting it' but mechanisms: domain-bound phishing-resistant MFA (passkeys/security keys), going to the official site directly instead of clicking links, and email authentication (SPF/DKIM/DMARC).
Choosing MFA the right way: what 'phishing-resistant' means, and why SMS is weak
MFA is a second lock so a leaked password alone can't get you in — but what you turn on changes its strength by three tiers. SMS/email codes fall to relay phishing and SIM-swap; authenticator apps (TOTP) are mid; passkeys/security keys (FIDO2) can't be presented to a fake site at all — that's phishing resistance. Top priority: put phishing-resistant MFA on the keys to the kingdom (email, domain, payments). Storing recovery codes and having a backup factor complete the setup.
Is storing your passwords in Google Drive safe? How to keep them properly
Keeping passwords in a plaintext Google Doc/Sheet is dangerous: one Google account becomes the single point of failure for every password — account takeover, a rogue connected app, or phishing leaks them all at once. The fix is a dedicated password manager (contents stay encrypted even when synced). If you must use Drive, store only an encrypted vault file and put phishing-resistant MFA on the account.
The security baseline for indie devs and small operators: the whole standard set
The baseline isn't 'all equally important.' This site's priority order: 1) keys to the kingdom (MFA, domain, email), 2) secrets and code, 3) the app itself, 4) patch, detect, recover. With finite time, fill it top-down. Most serious breaches come not from novel attacks but from a gap in this foundation.