A Deep Dive on the Recent Widespread DNS Hijacking

• Previous message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
• Next message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ekuhnke> One thing to consider with authentication for domain registrar
ekuhnke> accounts:

ekuhnke> DO NOT USE 2FA VIA SMS.

Yup. This is a good example of what I'm advocating. Just saying "use
2FA" or "use DNSSEC" or "have a CAA" isn't sufficient detail to make
informed decisions of risk/effort/reward tradeoffs. Simplistic
suggestions without details or context isn't doing anyone any favors.

That said, even SMS 2FA is better than no 2FA. Barely. Just like forcing
lousy passwords is better than no password but still not a best
practice.

• Previous message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
• Next message (by thread): A Deep Dive on the Recent Widespread DNS Hijacking
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]