|
|
|
|
|
|
by tptacek
3361 days ago
|
|
|
Code generators are indeed phishable, which is why your primary login factor is a U2F token. Meanwhile, because of the way phishing works, if you go log in of your own volition to your Google Mail account, the TOTP code provides about as much security as the U2F key does. The idea behind the U2F/TOTP stack is to minimize your exposure to phishing attacks and at the same time minimize (to practically zero) the odds of you being locked out of your account. It accomplishes that nicely, which is why most of the other experts we talk to have U2F/TOTP/backup-codes as their Google 2FA stack. |
|
|