Unlonely

tldr; i got sim-swapped yesterday

first noticed our unlonely_app twitter getting hacked. attackers bought similar unlonely dot xyz or unlonely dot claim domains and copied our landing page. luckily, we caught this early and were able to prevent further losses for users.

Sorry this happened to Brian.

For everyone: Authy is security theater and not a real product. 

Replace SMS 2FA with a 2FA tool backed up by…SMS 2FA??

Delete that app and use something else.

Sorry this happened to Brian.

For everyone: Authy is security theater and not a real product. 

Replace SMS 2FA with a 2FA tool backed up by…SMS 2FA??

Delete that app and use something else. https://twitter.com/kylemccollom/status/1606753234315517952

summoning /daylight | kylemccollom.com | we are hiring: careers.daylight.xyz

man i am praying 1password stays safe but should probably get a yubikey

software engineer and onchain craftsperson

1password plus yubikey for the high value targets seems like the best combo

1password is very safe because they encrypt your vault with password + secret key. The secret key adds enough entropy to be hard to crack and doesn't suffer the flaw from users reusing passwords. 1password does not have access to your secret key so do not lose it.

1password is very safe because they encrypt your vault with password + secret key. The secret key adds enough entropy to be hard to crack and doesn't suffer the flaw from users reusing passwords. 1password does not have access to your secret key so do not lose it.

https://support.1password.com/secret-key-security/

yes please. but get more than one yubikey. if one is lost you can use other to login and authenticate. Also yubico authenticator app (pc and mobile) has time-based 2fa. 

bitwarden might an option instead of 1password. up to you though.