Multi-factor authentication was sold as the cure for phishing, and for a while it was. Then real-time proxy phishing, push-bombing, and SIM swaps caught up. The 2022 breaches at Twilio and Uber — and the Cloudflare attack that failed — were the field test. A threat-model walk through why only origin-bound MFA survives, and how to deploy it.
Mfa
-
Phishing-Resistant MFA: Why Everything Short of FIDO2 Is Living on Borrowed Time -
PAM Configuration Deep Dive How Linux PAM really decides whether you get a shell — the module stack, control flags, and the auth, account, session, and password phases — so you can read /etc/pam.d, add MFA or SSSD, and debug a silent login rejection.
-
YubiKey for SSH, GPG, sudo, and FIDO2 A YubiKey is five security tokens in one — FIDO2, PIV, OpenPGP, OATH, and OTP. How to route SSH, GPG signing, sudo, and browser logins through hardware so your credentials live on a key you tap, not a file on disk.