23andMe admits hackers stole raw genotype data - and that cyberattack went undetected for months | Firm says it didn’t realize customers were being hacked

    • JDubbleu@programming.dev · 5 up / 8 down · 10 months ago · edited

      Look, I’m as ready as anyone to jump on companies for mishandling data. I work daily with extremely private medical information protected by an ungodly amount of laws, and it pisses me off how whimsical most companies are with customer data. This one wasn’t exactly their fault though. If you use the SAME EMAIL AND PASSWORD across multiple different sites, it’s not site B’s fault when site A gets hacked and your login information is attempted on site B. It’s also not even that surprising, given that people willingly giving up information this private aren’t exactly the most privacy-literate.

      Could they have enforced multi-factor 2FA? Sure, and it would’ve mitigated some of the damage. However, I think we can all reason that they probably had the same password for their email and phone provider. Hardware keys aren’t cheap, and most people just don’t have them. It’s also pretty reasonable that it would take a super long time to figure out someone logging in with a username and password was “hacked”.
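The comment above describes credential stuffing (a breached email/password list replayed against another site) and argues that such logins are hard to tell from normal ones. The following is an added example, not code from the original post, from 23andMe, or from any commenter, showing what a first-pass detector over an authentication log could look like. The log format, thresholds and IP addresses are constructed for illustration; the three signals (one source cycling through many distinct accounts, a failure rate well above baseline, and accounts whose successful login came from a flagged source) are the ones a practitioner would typically start from.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample authentication log (hypothetical format, not real data).
# One line per login attempt: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2023-10-01T12:00:01Z src=203.0.113.7 user=alice@example.com result=fail
2023-10-01T12:00:02Z src=203.0.113.7 user=bob@example.com result=fail
2023-10-01T12:00:03Z src=203.0.113.7 user=carol@example.com result=success
2023-10-01T12:00:04Z src=203.0.113.7 user=dave@example.com result=fail
2023-10-01T12:00:05Z src=203.0.113.7 user=erin@example.com result=fail
2023-10-01T12:00:06Z src=203.0.113.7 user=frank@example.com result=success
2023-10-01T12:00:07Z src=203.0.113.7 user=grace@example.com result=fail
2023-10-01T12:00:08Z src=203.0.113.7 user=heidi@example.com result=fail
2023-10-01T12:01:00Z src=198.51.100.3 user=bob@example.com result=fail
2023-10-01T12:01:20Z src=198.51.100.3 user=bob@example.com result=success
2023-10-01T12:02:00Z src=192.0.2.9 user=carol@example.com result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "src": m["src"], "user": m["user"], "ok": m["result"] == "success"}


def detect_credential_stuffing(log_text, window=timedelta(minutes=10),
                               max_accounts_per_src=5, max_fail_rate=0.2):
    """Return the sources, accounts and rates that look like a stuffing campaign.

    Thresholds are illustrative assumptions; tune them against your own baseline.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])

    # Signal 1: a single source trying many *distinct* accounts inside one window.
    # (A legitimate user who mistypes their password retries the same account.)
    flagged = {}
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):            # sliding window over this source's attempts
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            accounts = {x["user"] for x in evs[start:end + 1]}
            if len(accounts) > max_accounts_per_src:
                flagged[src] = max(flagged.get(src, 0), len(accounts))

    # Signal 2: overall failure rate far above the site's normal baseline. This
    # still fires when the attacker spreads attempts over many proxy IPs, which
    # defeats the per-source check above.
    fails = sum(1 for e in events if not e["ok"])
    fail_rate = fails / len(events) if events else 0.0

    # Signal 3: accounts whose successful login came from a flagged source are
    # the likely takeovers and the ones to force a password reset on.
    compromised = sorted({e["user"] for e in events if e["ok"] and e["src"] in flagged})

    return {
        "suspicious_sources": flagged,
        "fail_rate": round(fail_rate, 3),
        "fail_rate_alert": fail_rate > max_fail_rate,
        "likely_compromised": compromised,
    }


if __name__ == "__main__":
    print(detect_credential_stuffing(SAMPLE_LOG))
```

In the constructed sample, 203.0.113.7 works through eight different accounts in a few seconds and is flagged, while bob retrying his own account from 198.51.100.3 is not. The weak point of signal 1 is that real campaigns are usually spread over residential proxies with a handful of attempts per IP, which is why the aggregate failure rate and the "success from a source that was otherwise failing" signal matter more in practice than any per-IP count.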

        • KᑌᔕᕼIᗩ@lemmy.ml · 6 up · 10 months ago

          Everyone already has the hardware for 2FA in their pockets too. This was simply a decision this company made to minimise barriers to their customers’ wallets.

        • sir_reginald@lemmy.world · 2 up / 6 down · 10 months ago

          I’m all for security, but god I hate forced 2FA. I’m a power user with a password manager that generates 64-character random passwords, different for each site. I don’t want to be bothered to take out my phone every time I want to log in.

          • Saik0A · 2 up · 10 months ago

            Use a password manager that also does TOTP.

            • /home/pineapplelover@lemm.ee · 2 up · 10 months ago

              If this guy is this lazy then this might be a good option? Bitwarden comes with one included but I still use a separate app (Aegis) and my yubikey.

              • sir_reginald@lemmy.world · 1 up · 10 months ago · edited

                If this guy is this lazy

                I try to keep my fingers on my keyboard as much as possible, and having to take out my phone is just a waste of time. I do not need 2FA. Let me do my own security.

                Maybe requiring 2FA for passwords shorter than 60 characters would be a good solution. Most people would use 2FA, but people with strong passwords can live without it.

                • /home/pineapplelover@lemm.ee · 1 up · 10 months ago

                  I highly disagree with not having 2FA. Even having one in your password manager, allowing you to not take your fingers off the keyboard, is better than nothing.