Zum Inhalt der Seite gehen

mastodon - Link zum Originalbeitrag
#VibeCoding your MFA
Screenshot of a MFA form: Account Verification We have just sent the code 435841 to your phone number: x0cx0x-8247 Please enter the code below to access your account:
#vibecoding
Als Antwort auf BeyondMachines

Kit 🏳️‍🌈🏳️‍⚧️🇺🇦
mastodon - Link zum Originalbeitrag
Kit 🏳️‍🌈🏳️‍⚧️🇺🇦
What application is that, smh? I'm not sure the people know the purpose of sending a code to your phone XD
Als Antwort auf BeyondMachines

Leszek
mastodon - Link zum Originalbeitrag
Leszek
Please tell me this is just a joke form someone wrote and not a screenshot of a publicly facing service.
Als Antwort auf Leszek

Kevin Karhan
mastodon - Link zum Originalbeitrag
Kevin Karhan

+1

  • I hope too this is just a poorly made demonstration thingy that explains how to integrate some actual #2FA!

Cuz to me thats #NegativeFactorAuthentification instead of #TwoFactorAuthentification!

infosec.exchange/@beyondmachin…

BeyondMachines

2025-06-16 11:52:44

mastodon - Link zum Originalbeitrag

#VibeCoding your MFA
Screenshot of a MFA form: Account Verification We have just sent the code 435841 to your phone number: x0cx0x-8247 Please enter the code below to access your account:

#2fa #twofactorauthentification #negativefactorauthentification
Dieser Beitrag wurde bearbeitet. (5 Tage her)
Als Antwort auf Leszek

Ari [APz] Sovijärvi
mastodon - Link zum Originalbeitrag
Ari [APz] Sovijärvi
@makdaam It has to be a joke, but I've seen so many of these where whoever made it obviously hadn't stopped to think how their "clever" system would fare in the real world. This includes those "secret questions" that you can easily lift from the person's social media.
@Leszek
Als Antwort auf Ari [APz] Sovijärvi

Irina
mastodon - Link zum Originalbeitrag
Irina
@apzpins @makdaam The solution to that is *don't use those things as your security questions* so you can joyfully play the game. It's really that easy. Signed: Piep Abbenes (my 1990s pornstar name)
@Leszek @Ari [APz] Sovijärvi
Als Antwort auf Irina

Cadbury Moose
mastodon - Link zum Originalbeitrag
Cadbury Moose

@irina @apzpins @makdaam

Ah, this moose apparently went to school at Nyarlathotep's Academy, and had a dog named "Horseradish".

These are both equally 'true' facts. 3:O)>

@Irina @Leszek @Ari [APz] Sovijärvi
Als Antwort auf Irina

Leszek
mastodon - Link zum Originalbeitrag
Leszek
@irina @Cadbury_Moose @apzpins Is it a good name if you don't have to use the phonetic alphabet including digits to spell it?
@Irina @Cadbury Moose @Ari [APz] Sovijärvi
Als Antwort auf Leszek

Carl
mastodon - Link zum Originalbeitrag
Carl
, you need to be very strong now about what I am about to tell you. @beyondmachines1
@BeyondMachines
Dieser Beitrag wurde bearbeitet. (5 Tage her)
Als Antwort auf BeyondMachines

Carl
mastodon - Link zum Originalbeitrag
Carl
I feel much safer now. After all, the AI told me 2FA is safer and I am confident the vibe code is leak-proof!
Als Antwort auf BeyondMachines

Paul Cantrell
mastodon - Link zum Originalbeitrag
Paul Cantrell

This is a joke, right? It’s fake? It HAS to be fake.

@adamshostack

@Adam Shostack
Als Antwort auf Paul Cantrell

rk: it’s hyphen-minus actually
mastodon - Link zum Originalbeitrag
rk: it’s hyphen-minus actually

@inthehands @adamshostack

There was a Lobste.rs thread a while back that linked to a vibe coded MFA thing where the MFA just…didn’t work. Basically it would bypass the actual auth checks in some common situation, and even had test cases generated that confirmed this to be the case.

I’ll see if I can find it.

@Adam Shostack @Paul Cantrell