- cross-posted to:
- mullvad@lemmy.dbzer0.com
- cross-posted to:
- mullvad@lemmy.dbzer0.com
Cross-posted from: https://sh.itjust.works/post/19987854
We have previously highlighted the importance of not losing your account number, encouraging it to be written down in a password manager or similar safe location.
For the sake of convenience account numbers have been visible when users logged into our website. This had led to there being potential concerns where a malicious observer could:
- Use up all of a user’s connections
- Delete a user’s devices
From the 3rd June 2024 you will no longer be able to see your account number after logging into our website.
- “Hiding account numbers”. Mullvad. 2024-05-27. Mullvad Blog (https://mullvad.net/en/blog/2024/5/27/hiding-account-numbers).
- Archive
MFA kinda defeats the purpose of Mullvad. The less they know about you the better.
6 digit totp is totally anon
A FIDO2 hardware key should do the trick. Not all MFA are based on communications.
You could use open time based codes