by rejberg 2822 days ago
What do you mean by a MITM phishing attack?

U2F credentials are tied to a particular domain, and so do not rely on the user making sure they are on the correct website. As such, they are not susceptible to typical credential phishing attacks.

1 comments

Things like this: https://security.stackexchange.com/questions/157756/mitm-att...

This is assuming an owned machine. Not the easiest attack but still possible. Obviously things like Google Authenticator (while good) are even more susceptible to MITM phishing.

If the machine is owned it's trivial to dig the cookie jar once you're logged in.
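
Added example, not part of the thread: a toy Python model of the origin binding described in the first comment, showing why a login challenge relayed through a lookalike domain fails. HMAC stands in for the token's ECDSA signature, the user-presence and counter fields are omitted, and the class, function and domain names are all constructed for illustration.

```python
import hashlib, hmac, json, os

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class Token:
    """Toy authenticator. HMAC stands in for the ECDSA signature of a real token."""
    def __init__(self):
        self._master = os.urandom(32)

    def _key(self, nonce: bytes, app_id: str) -> bytes:
        # Per-credential key derived from the device secret AND the app ID (origin).
        return hmac.new(self._master, nonce + h(app_id.encode()), "sha256").digest()

    def register(self, app_id: str):
        nonce = os.urandom(16)
        key = self._key(nonce, app_id)
        handle = nonce + h(key)          # lets the token recognise its own key later
        return handle, key               # key plays the role of the public key here

    def sign(self, handle: bytes, app_id: str, client_data: bytes):
        key = self._key(handle[:16], app_id)
        if not hmac.compare_digest(h(key), handle[16:]):
            return None                  # handle was not issued for this origin
        return hmac.new(key, h(app_id.encode()) + h(client_data), "sha256").digest()

def browser_login(token, handle, origin, challenge):
    """The browser, not the page, fills in the origin it actually loaded."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}).encode()
    return client_data, token.sign(handle, origin, client_data)

def rp_verify(rp_origin, verify_key, challenge, client_data, signature):
    """Relying party: check the signature, the challenge and the origin."""
    if signature is None:
        return False
    expected = hmac.new(verify_key, h(rp_origin.encode()) + h(client_data), "sha256").digest()
    data = json.loads(client_data)
    return (hmac.compare_digest(expected, signature)
            and data["challenge"] == challenge and data["origin"] == rp_origin)

def demo():
    real, lookalike = "https://login.example.com", "https://login.examp1e.test"  # constructed
    token = Token()
    handle, verify_key = token.register(real)
    challenge = os.urandom(16).hex()     # issued by the real site
    ok = rp_verify(real, verify_key, challenge, *browser_login(token, handle, real, challenge))
    # Same challenge relayed through a page the browser loaded from the lookalike origin.
    relayed = rp_verify(real, verify_key, challenge, *browser_login(token, handle, lookalike, challenge))
    return ok, relayed

if __name__ == "__main__":
    print(demo())
```

The model covers only the authentication step; it says nothing about the session cookie issued after a successful login, which is what the replies above are concerned with.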