sgammon 4 days ago

why were you synchronizing your 2fa codes? that requires opt in, even in the form of a signed in google account combined with google authenticator as a choice of 2FA code storage

why were your coins not in a cold wallet? that is how you stop this permanently

why did you acknowledge any kind of inbound communication? ignore it. always. or call outbound to a confirmed number to make sure.

btw you were scammed out of $80k, as you admit in your article, the headline is misleading for seemingly no reason except the larger number

sgammon 4 days ago

> an authenticator code is NOT a 2nd factor, if that user is using Google Authenticator.

it is still a second factor, because it is something you have instead of something you know; it's just that you converted it to something you know when you read it and transmitted it to someone else

all that being said, yeah, legal@google.com (as a homograph attack) should probably be blocked.

sgammon 4 days ago

convenience is nearly always a tradeoff with security |