|
|
|
|
|
|
by hvidgaard
3449 days ago
|
|
|
U2F prevents mitm attacks, which this is an instance of. Using Google standard 2FA and save the machine/browser for 30 days it would pop up and say you need your 2FA, which would be suspicious. With U2F it would say the service is unknown, which is equally suspicious. But my point was simply that it prevents the attack with only the login information, not that the attack can be futher refined to get your 2FA token. 2FA is a great way to know when you have to look at all the data to decide wether or not to give the token. For instance, I always double check the URL when I'm about to hand out a 2FA code. |
|
|