Firewalls Don't Stop Dragons Podcast

Passwords suck and humans aren't good at using them. Password managers can help a lot, but to truly improve your account security these days, you need to add defense in depth. The easiest way to do that today is to enable two-factor authentication, or 2FA. Many websites have supported 2FA for years, but as hacking has gotten more aggressive and password databases are being stolen more often, the popularity of 2FA has grown significantly in the last year or two. Unfortunately, many 2FA systems rely on the lowest common denominator for implementing the PIN code system: SMS or text messaging. SMS is very old, but also very widely used and supported. It's never been terribly secure, but recently some clever security researchers have discovered a simple and cheap way to steal your text messages. Like, for $16. I'll explain this hack and tell you how and why you should switch to the much more secure Time-based one-time-password (TOTP) system for 2FA. In other news: I'll update you on the massive Microsoft Exchan