New Update Proton launches free standalone cross-platform Authenticator app

[piquiteco]

I'm truly sorry if I offended you in any way, that really wasn't my intention. My intention was to show you (and others) there's no really need for doing so much backups. If anything, saving data on multiple locations can make you more vulnerable to any data leak. Same goes for using multiple security software (which I saw some of members here use); more software = more security bugs.

Don't worry, you didn't offend me at all. I'm participating in the MT forum here to learn good security practices, not the opposite. Advice is always welcome. I was exaggerating unnecessarily, as you said. Exactly, you said it all. The more applications and unnecessary AVs, the greater the attack vector. As with browser extensions, use only what is necessary, if possible, none at all would be even better.

We should all keep our PCs and online accounts safe. What we shouldn't do is lose our heads with hypothetical scenarios that would (or could) never happen. If we constantly think negative thoughts and made up scenarios (like what ifs), we live in constant fear. And I don't know about anyone here, I like to live my life care-free, without thinking about stuff that are out of my control.

Yes, I know... I'm getting on the nerves of God and devil saying here how there are tiny chances of any of us get hacked. But it's the truth. Anyone not believing this should just ask themselves:

We came a long way regarding security and hackers eventually gave up on targeting individuals because there are bigger fish in the pond. I'm not kidding; ransomware used to target everyone. Today it almost exclusively targets businesses, as hackers realized we, average people, don't care if we lose something; no one will pay them. Same attitude can't apply to businesses which, if they don't have a backup, have no other options than pay.

I personally haven't saw a malware for more than 10 years for sure, maybe even longer. I never had any of my online accounts broken into or any of data leaked (I don't count my spam e-mail address whose purpose is exactly this). And I believe my philosophy took a huge part here.

That was a good one, @Marko :)

I was just leaving to get some rest. Good evening, good morning, or good afternoon! Thanks for your advice. Best regards!

 

[Gandalf_The_Grey]

Proton fixes Authenticator bug leaking TOTP secrets in logs

Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared.

Last week, Proton released a new Proton Authenticator app, which is a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS.

The app is used to store multi-factor authentication TOTP secrets that can be used to generate one-time passcodes for authentication on websites and applications.

Over the weekend, a user posted in a now-deleted Reddit post that the iOS version was exposing TOTP secrets in the app's debug logs found under Settings > Logs.

Proton fixes Authenticator bug leaking TOTP secrets in logs

Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared.

www.bleepingcomputer.com