|
|
|
|
|
|
by moviuro
2890 days ago
|
|
|
> 2FA over mobile phone Still vulnerable to phishing. If you include a convincing iframe, your attacker can store your TOTP, and use it from their machine. U2F relies on the domain of the page you are currently browsing, so the code can't be used by another party on the real site. And if you were thinking about SMS... vulnerable to any attack on the mobile network + phishing + ... |
|
|