Training in Quarantine – Day 179

Late out today — my phone wanted to upgrade so I attempted it (it was an upgrade from Android 9 to Android 10), and it didn’t work, and I ended up having to factory reset and install from scratch. I did have some Titanium Backup backups, but they didn’t seem to work a lot of the time :/

So for the most part, I just reinstalled all the apps I remember using and logged in. For most, that was fine. But I lost the MFA codes on Google Authenticator, meaning I had to remove and setup:

  • AWS
  • LastPass
  • WordPress
  • GitLab

all over again

AWS was quick and painless after a security check to confirm I was who I said I was and they called me on the number on the account.

WordPress was painless too — I was already logged in, so just removed MFA and set it up again, then logged in again. Similarly with LastPass

GitLab however, is proving to be more of a pain. They no longer accept MFA removal requests for people on the Free plan. So I wonder if they will accept me going to a subscription model so I _can_ then request the MFA removal. I think it is better anyway, since I’m hitting the 400 minute CI limit pretty regularly. The 2000 minute CI limit would be better. At least until I can get my own GitLab install working.

As for the run, yes, it was a run — well, more of a jog, anyway. Still did the 3km lap, doing it in 20 mins rather than the 30 mins it normally takes me when I walk it.

Security

As a result of the Ubuntu Forums hack recently, I’ve now had to spend several hours going through all my internet logins accounts to see whether or not I have used the same password anywhere else. Not surprising, I have so I have to go through and change them all. Fortunately, LastPass allows me to generate secure passwords which  I can use to replace other passwords. The only real place where I would be concerned if they have access would by emails, but I have 2-factor authentication turned on there, and have had it turned on for many months, and they need my email address, password AND phone to get into my account. Even my backup codes are stored on a TrueCrypt volume stored on a LUKS partition on my laptop so they would need two passwords to get at those.

Mind you, it IS good that these forums were hacked, it’s given me a reason to go through my accounts and see which ones I still use and which ones I can delete.

 

2-step verification – Accounts Help

Some may not know, but Google supports 2FA (2-Factor Authentication), and this basically means you need two items of information to log into your Google Account. Paypal also has this option.

I only found out about this through LastPass when I was cleaning up some old (and no longer used) accounts. This is worth a look and maybe switching on. But, as with most forms of authentication, you need to balance the convenience and risk (See related articles)

2-step verification – Accounts Help.

 

%d bloggers like this: