[FFmpeg-devel] [PATCH] doc/infra: List at what companies the name servers are hosted and who provides the servers

Michael Niedermayer michael at niedermayer.cc
Wed Nov 27 23:38:24 EET 2024 

Hi

On Wed, Nov 27, 2024 at 10:20:07PM +0100, Michael Niedermayer wrote:
[...]
> > > Also even when SMS is not used as 2FA, ownership of phone and email
> > > can sometimes be enough to reset a password & 2FA
> 
> i did actually look into this a few months ago
> and the authenticator often isnt helping you. Some providers will
> reset your password if you proof possesion of the associated
> phone and email. And claim you lost the phone with the authenticator
> 
> The alternative for the provider is to not give you your account back
> if you loose the phone with the authenticator on it. Some do, yes
> but some will reset your password if you proof possession of some
> other 2nd factor like your phone even if thats not enabled as 2FA.
> 

> Iam not 100% sure but i think paypal is one where this can be done

Now we dont need paypal for the domain or server but this is just
an example on how little the authenticator helps with some services

https://www.paypal-community.com/t5/Managing-Account-Archives/Lost-2FA-Authenticator/td-p/2128895

    1. Go to https://www.paypal.com/us/smarthelp/contact-us
    2. Click Password and account access
    3. Click Login problems
    4. Click "Message us"
    5. Click "Chat with us about your password issue"

    Immediately state that "I switched phones and lost my authenticator app. Can you help me remove it please?"

    Make sure you have the following details ready:

    - Your PayPal email
    - Last 4 digits of bank account / credit cards on the account
    - Mobile phone number (and have the phone in front of you)

    They will send you a one-time text with a code to verify you.

    Note: I had to try 3 times before an agent did this for me. Do not expect it to work on the first attempt. Just move on to the next person if you get one who is unwilling to help.


And yes, you need 4 digits of the bank account in the example above
but if you have access to the email, chances are theres a email with
it somewhere or it maybe shown in another account you can compromise with
phone+email

PS: iam happy to talk more about security as this genuinely interrests me
but not sure how on topic this is

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Complexity theory is the science of finding the exact solution to an
approximation. Benchmarking OTOH is finding an approximation of the exact
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20241127/e06e2d0f/attachment.sig>

More information about the ffmpeg-devel mailing list