That doesn’t mean it’s not a perfect platform to elevate your channel and grow your brand. Direct self-promotion - like sharing links to your own content - is generally not permitted. Flair tags help guide users to the topics they want to see. Also, rather than relying on algorithms to suggest content, users join the subreddit communities they’re interested in. The posts and comments rise or fall in popularity based on like or dislike votes from other users. Plus, the moderators can develop their own community rules within the general Reddit guidelines. There are pages, called subreddits, for nearly any topic imaginable. Reddit has taken the concept of online chat forums to the next level. A guide to Reddit: more than just a forum Consider this a Reddit guide to help you use subreddits to get creative in your own content, engage with your audience in new ways and understand what they’re interested in. They’re discovering it’s one of the most under-used ways to give your brand a boost. In 2022, you’ll notice that more creators are on Reddit than ever before. Reddit’s post demonstrates that people who should know better aren’t always heeding this advice. As a matter of good business, online creators should be aware of the trends and practices creators are using. Security practitioners have been preaching this gospel for years. The most superior forms of 2FA that are viable now include physical tokens with no use of OTPs or, if that’s considered too difficult for users, OTPs generated solely by apps. An intermediate improvement is to use phone-based apps with no fallback to SMS. Sites that allow stronger forms of 2FA but offer SMS- or call-based 2FA as a fallback should take notice. The upshot of all of this is that SMS-based 2FA is better than no 2FA at all, but only minimally so. (An attack disclosed in March that used a Chrome feature to trick users into divulging the secret material on their physical keys no longer works.)
This form of authentication is far superior to SMS- and even app-enabled 2FA because the secret can’t be phished, divulged, or intercepted. A cryptographic key embedded in the device then sends a code that provides the second form of authentication. After a user enters the correct password, sites that are configured to support security tokens will require the person to tap a button on the device. A far more robust mechanism for providing 2FA is the use of physical security keys that connect directly to the computer being used to log in. OTPs are also vulnerable to phishing and social engineering attacks, as long as the attackers enter the codes quickly after obtaining them. Still other interceptions are the result of exploiting decade-old weaknesses in the SS7 routing protocol that carriers around the world use to ensure their networks interoperate. In other cases, the interception is the result of compromising the mobile account because it’s protected by a password the subscriber used on a different site that was breached. In 2016, the chief technology officer of the US Federal Trade Commission had her number hijacked this way. One is by obtaining control of a target’s cell phone number, often by calling the cellular provider or going into a retail store of the provider and impersonating the subscriber. SMS-transmitted OTPs are susceptible to a variety of attacks. “We point this out to encourage everyone here to move to token-based 2fa.” “Already having our primary access points for code and infrastructure behind strong authentication requiring two-factor authentication (2fa), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept,” Reddit officials wrote.
The 2FA protecting the Reddit accounts, however, relied on OTPs sent through SMS messages, despite reports over the years (such as this one) that make it amply clear they are susceptible to interception. More secure yet, the 2FA is in the form of a cryptographic token sent by a security key attached to a device logging in. In most cases, the extra step is the entering of a one-time password (OTP) that’s sent to or generated by a mobile phone. Wednesday’s post said that the breached employee accounts were protected by 2FA, which typically requires people to take an extra step beyond entering a password when accessing an account from a new computer.