Ryan Ouyang
@ryanouyang.eth
I witnessed first-hand yesterday how scary a SIM swap could be. Chris, my co-founder, had been SIM-swapped and the attacker entered his personal Gmail, which contained 2FA codes for his accounts thanks to Google Authenticator cloud sync. Thankfully, nothing has been affected on the IYK side (except for Twitter).
Ryan Ouyang
@ryanouyang.eth
Even if mobile 2FA is used everywhere, as long as your Google account is resettable via SMS, you're screwed if you have cloud sync turned on for Google Authenticator. It's on by default, but you can turn this off in the top right of the app: https://9to5google.com/2023/04/28/google-authenticator-sync-off/