by SpaethCo 2886 days ago
> Google and Apple both have mobile (non-SMS) based two factor prompts that seem equally immune to phishing?

Any "type in a code" or "approve this login (yes/no)?" authentication factor is technically vulnerable. All the phishing site needs to do is proxy the authentication to the actual site in real time.

These guys put together a great overview of the approach: https://www.wandera.com/bypassing-2fa/