by written 2999 days ago
That's pretty good. It would require some serious gullibility to defeat. If it's an active attack, the attacker may send the second mail with the passcode and instruct the user to enter it.

Though people are forwarding their second-factor SMS confirmation codes for their banking accounts to attackers upon request, so it's not too far-fetched that someone would find a way to trick some users into entering it.

Here's one study about the phenomenon (the N is basically zero, but this happens and banks are warning people against doing this):

https://engineering.nyu.edu/files/VCFA_PasswordsCon15.pdf