Navigating 2FA Challenges on Secure Androids

Brent's computer pulls an all-nighter at the worst possible moment, and the hits keep coming for open-source Android distributions and our new 2FA tool.

Sponsored By:

• Core Contributor Membership: Take $1 a month of your membership for a lifetime!
• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• Toronto Meetup — Thursday, August 29, 2024 from 6:00 PM to 8:00 PM EDT
• Sacramento LUG Meetup — Saturday September 7th, 2024 from 10:00 AM to 2:00 PM PDT
• Anker PowerConf S330 USB Speakerphone
• Corsair Void RGB Elite Wireless Premium Gaming Headset
• Loss of popular 2FA tool puts security-minded GrapheneOS in a paradox
• GrapheneOS on X — Google can either permit GrapheneOS in the Play Integrity API in the near future
• GrapheneOS on X — If Authy insists on using it, they should use the standard Android hardware attestation API to permit using GrapheneOS too. Banning 250k+ people with the most secure smartphones from using your app is anti-security, not pro-security.
• GrapheneOS on X — Authy simply delegated checking device integrity to Google. It's Google choosing to block GrapheneOS users from using Authy. Google chooses to allow using a device with no security patches for the past 8 years but bans using an OS much more secure than the stock Pixel OS.
• Twilio kills off Authy for desktop, forcibly logs out all users
• GrapheneOS on X — Our latest release with prevention for most VPN app DNS leaks is currently available in our Alpha and Beta channels. We need more feedback from testing VPN apps and services with leak blocking toggled on, which GrapheneOS already enables by default.
• GrapheneOS on X — Our current approach to DNS leak blocking appears to work well without breaking compatibility. We've made progress towards fixing a related issue for some VPN apps where rare connections are made to VPN DNS outside of the tunnel. We can hopefully ship stricter enforcement soon.
• GrapheneOS on X — We've become aware of another company selling devices with GrapheneOS while spreading harmful misinformation about it to promote insecure products. We're making our usual attempt at resolving things privately. However, we need to quickly address what has been claimed regardless.
• Membership Summer Discount — Take $1 a month of your membership for a lifetime!
• How You Guys Expect to Beat Me?
• Blue Iris Container
• netbird — Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
• netbird on GitHub
• OpenZiti — Open Source Zero Trust Networking
• OpenZiti on GitHub
• Collapse OS — Bootstrap post-collapse technology
• Docker-OSX — Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.