Broken 2FA login schemes

The second factor, especially if it is a phone number, is a significant risk of espionage, since bad actors with access to the telephone networks, SMS, unencrypted email or other second factor authentication channels can learn you are logging into a financial site, especially if the second factor is unencrypted or unsecured. Or if the online thieves learn you carry a physical security dongle when they attempt to log in without the security code, and then they know to send a pickpocket or cat burglar to rob you in person or at your home to seize the second factor.

Nice. Expose all the thievery for courthouse prosecution and lower lip with the extra security codes, but it's too complicated for the jury to understand to get a conviction on it, and ultimately nobody else cares if your identity is stolen.

FBI 2FA Bypass Warning Issued — The Attacks Have Started

Don’t say the FBI didn’t warn you — the new 2FA bypass attacks have started.

ForbesDavey Winder

FBI Warning Issued As 2FA Bypass Attacks Surge — Get Prepared

You have been warned, by the FBI no less, that 2FA bypass attacks are surging — get prepared now if you are in the transportation sector or supply chain.

ForbesDavey Winder

Scattered Spider is a financially motivated cybercriminal organization heavily associated with The Community, a well-known yet loosely knit hacking collective. “Through strategic alliances with major ransomware operators ALPHV, RansomHub, and DragonForce,” the Reliaquest report said, Scattered Spice [sic] has been able to gain access to the tools it needs.

"Scattered Spider" (a.k.a. "Scattered Spice") is lesbian or women's prison talk that sounds like there's a gang of queer female jailbirds at work.

"The Community" (understood of course they are gay or LGBT if they call themselves "The Community" without further qualification) is a disgusting trope of certain mob bosses, pimps, madams, drug dealers, car and boat thieves, cyberbullies, shadowy leaders, philanthropists and other "pillars of the community" on Wikipedia, Reddit, Stackexchange, Github, SourceForge and various "moderated" free and open source software sites. It's incredibly shameful that so many online "communities" allow white collar criminals and establishment nightclub-oriented sex offenders to legitimize themselves like that.

Tokens, dongles? One time pass codes? Aren't we being roughed up and shaken down for money a bit much ​in the grand wholesale scheme of things here? Even a decent button-up shirt or blouse that isn't torn or filthy, and we're being accused of finery, robbed in court for wearing it, and shoved out naked on the street.

Where does all this financial "dressing down" artistry come from ultimately anyways?

The cards, the poker chips, the cash money are all lying on the table within easy reach and in clear view of the public.

"Security" as such isn't going to happen until the thieves are locked up in prison. And regardless of who you are, you have to go to bed, sleep at night, or whenever you sleep if you work the night shift, and at that point "security" is in God's hands or left up to somebody else.

It's a universal law that a changing of the guard must take place at a certain hour of the night shift on the clock, whether it's formal uniformed paid duty with tall fur hats and long bayonet rifles or you own anything worth stealing and you're just watching out for your own stuff, and things go bump in the night.

FBI warns travelers of Scattered Spider cybercriminal group

A sophisticated hacker group known as Scattered Spider began targeting major airline systems in a series of cyberattacks, putting passengers’ personal information at risk, the FBI warned.

Daily MailKelly Garino

FBI Issues Airline Cybersecurity Warning

The agency raised the alarm over the group Scattered Spider

InsideHookTobias Carroll

What action does FBI intend for us to take on being served with these warnings of its own inability to control serious organized crime?