Y
Hacker News
new
|
ask
|
show
|
jobs
by
fnl
3441 days ago
> They capture the 2FA code
How can that be done? That's between my phone and Google, so how can they "listen in" on that?
1 comments
putlake
3441 days ago
The phishing site will ask you for your 2FA code and then enter it on the real Google login page.
link
fnl
3433 days ago
Hmm, but that gets us back to "stage one": For that to work, you have to ignore your URL-bar...
link