Checking an SHA256 Hash

If you are on macOS the easiest way to check an SHA256 hash is run this command against the file you are checking (SHA256SUMS for example):

shasum --algorithm 256 --check --ignore-missing --warn --strict SHA256SUMS

where the hash file should look something like this

04f15c46e9d82ed36a351c1de1f9c17017c950f6d1b7233e5749440a41f141de *

This article explains how to verify it on macOS, Windows, and Linux.

I followed the directions for macOS and Windows and they worked correctly.

I didn’t test it out on Linux.

How to use SMS two-factor authentication “the right way”

Via genius Sami Laine:

Here’s what you should do:

  • Secure your high-value accounts with strong authentication. These include crypto wallets, key financial sites and email– and if you’re an influencer—Twitter, Instagram and the like. For these, if SMS is the only option, turn it off and use a strong password with a password manager instead.
  • For new accounts, always check for stronger two-factor alternatives before deciding if you should use SMS.
  • Use a password manager to create strong, unique passwords and to autofill them to protect against phishing attacks.
  • Finally, make sure to set up a security code on your cellular account today to reduce the risk of losing your account to SIM swap attacks.

A list of popular sites and whether or not they support two factor authentication

WebAuthn rocks, but you might feel that nobody uses it.

Fortunately, you are wrong!

Visit 2FA Directory: Global or 2Fa Directory: USA for a list of popular sites and whether or not they support two-factor authentication.

This site is pure gold: it gets you up and running with WebAuthn everywhere possible as quickly as possible. When the provider doesn’t provide it them contact them demanding it.

Here is their codebase: geniuses.

Learn How To Perform Man-In-The-Middle (MITM) Phishing Attacks In Three Minutes or Less

I can’t say much more than: wow.

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. –

Seriously great learning resource and kudos to Go Lang!

Just A Few Password Standards That Every Techie Must Know

If you don’t know them, then learn them.

Caffeinate → ruminate → schedule meeting → gesticulate → profit!

Just kidding, it is very valuable.