Comment on No, Okta, senior management, not an errant employee, caused you to get hacked

Pxtl@lemmy.ca 10 months ago

I mean if you’re on GSuite, fundamentally isn’t a loss of control of your personal Gmail account just as likely as a loss of control of your professional account?

It does show how browsers offering cloud-synched password vaults without mandating 2FA to use that feature is grossly irresponsible.

2FA is, in my experience, the thing that would be blocking 99% of this kind of attack. Which shows how if you’re regularly using something that doesn’t have 2FA that should be a red flag. In this case it was 2 layers of that:

Their Google account probably didn’t have 2FA, and neither did that service account. Now obviously a service account generally won’t have 2FA, but if you’re regularly keying service account credentials into a web browser something has gone wrong.
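The two red flags this comment describes (human sign-ins through a browser with no second factor, and service-account credentials being used from a browser at all) can be turned into a simple check over authentication logs. The example below is added here and is not from the original thread or from Okta; its log lines, column names and the human/service labelling are constructed for illustration and do not follow any real Okta or Google Workspace export format.

```python
"""Flag the two conditions the comment above calls red flags:

 1. a human account signed in through a browser without a second factor;
 2. service-account credentials used from a browser, i.e. a person typing
    machine credentials into a login form.

The log lines and their schema are constructed for this example; they are
not an Okta or Google Workspace export format.
"""
import csv
import io
from collections import Counter

# Constructed sample: one record per authentication event.
# columns: principal, kind (human|service), client (browser|api|cli),
#          mfa (yes|no), result (success|failure)
SAMPLE_LOG = """\
principal,kind,client,mfa,result
alice@example.test,human,browser,yes,success
bob@example.test,human,browser,no,success
svc-backup@example.test,service,api,no,success
svc-backup@example.test,service,browser,no,success
svc-deploy@example.test,service,browser,no,failure
carol@example.test,human,cli,no,success
"""


def parse_events(text):
    """Parse the constructed CSV into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def find_red_flags(events):
    """Return a list of (rule, principal) tuples, one per suspicious event.

    'no-mfa-browser'     : a human account completed a browser sign-in
                           without a second factor.
    'service-in-browser' : service credentials were presented from a
                           browser, whatever the outcome. A failed attempt
                           is still evidence the secret is being handled
                           by hand rather than by the workload it belongs to.
    """
    flags = []
    for ev in events:
        in_browser = ev["client"] == "browser"
        if (in_browser and ev["kind"] == "human"
                and ev["mfa"] != "yes" and ev["result"] == "success"):
            flags.append(("no-mfa-browser", ev["principal"]))
        if in_browser and ev["kind"] == "service":
            flags.append(("service-in-browser", ev["principal"]))
    return flags


def summarize(flags):
    """Count findings per rule so repeat patterns stand out."""
    return Counter(rule for rule, _ in flags)


if __name__ == "__main__":
    found = find_red_flags(parse_events(SAMPLE_LOG))
    for rule, who in found:
        print(f"{rule:20} {who}")
    print(dict(summarize(found)))
```

Against the constructed sample, bob's browser sign-in without MFA and both browser uses of `svc-` accounts are reported, while the API call from `svc-backup` and carol's CLI session are not; in a real deployment the `client` and `kind` columns would come from the identity provider's user-agent and account-type fields, which is where the mapping to this schema has to be written.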
