I am wondering, why Instagram and MS did not react and fix this issue. And I am ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sdoering on Jan 29, 2019 \| parent \| context \| favorite \| on: I abused 2FA to maintain persistence after a passw... I am wondering, why Instagram and MS did not react and fix this issue. And I am wondering, what one can do, if "forced" to use these two. IG I am using privately, with my FB login. That works with a dedicated email address and password. So ok - one could hack that and do stuff. Well bad, but ok. But MS? I am forced to use it in the company setting I am in. What to do to secure this more?

hiccuphippo on Jan 29, 2019 [–]

Enable 2FA yourself. That way if the attacker manages to get your original password, they won't be able to login and enable 2FA themselves.

sdoering on Jan 29, 2019 | [–]

Thanks. Didn't read that right in my OP

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact