by kpcyrd
2772 days ago
You can't reliably fix this as a website. You can try to resolve this on the client by using the website's origin as part of the 2FA challenge (which is what U2F does), but ultimately there's no good, universal solution for this. It's also important to note that 2FA was never meant to solve phishing; it was meant to solve password reuse. Phishing is still pretty much unsolved.
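The origin binding mentioned in the comment above, sketched as an added example that is not part of the original comment or of any U2F library: the browser writes the page's origin into the signed client data, so a response collected on a look-alike origin fails at the real site. HMAC stands in for the token's ECDSA signature, and the origins, key and function names are constructed for illustration.

```python
import hashlib, hmac, json, secrets

RP_ORIGIN = "https://example.com"      # constructed relying-party origin
PHISH_ORIGIN = "https://examp1e.test"  # constructed look-alike origin

def browser_client_data(page_origin, challenge):
    # The browser, not the page's script, records the origin it actually loaded.
    return json.dumps({"typ": "navigator.id.getAssertion",
                       "challenge": challenge, "origin": page_origin},
                      sort_keys=True).encode()

def token_sign(key, app_id, client_data):
    # Assumption: HMAC-SHA256 stands in for the token's ECDSA signature.
    # As in U2F, the signed message covers hash(appId) and hash(clientData).
    msg = (hashlib.sha256(app_id.encode()).digest()
           + hashlib.sha256(client_data).digest())
    return hmac.new(key, msg, hashlib.sha256).digest()

def rp_verify(key, issued_challenge, client_data, signature):
    # Relying-party checks: our challenge, our origin, then the signature.
    data = json.loads(client_data)
    got = str(data.get("challenge", "")).encode()
    if not hmac.compare_digest(got, issued_challenge.encode()):
        return "challenge mismatch"
    if data.get("origin") != RP_ORIGIN:
        return "origin mismatch"
    expected = token_sign(key, RP_ORIGIN, client_data)
    if not hmac.compare_digest(expected, signature):
        return "bad signature"
    return "ok"

def login_attempt(key, page_origin, challenge, rewrite_origin=False):
    # The user touches the token on page_origin; the result goes to the real site.
    client_data = browser_client_data(page_origin, challenge)
    signature = token_sign(key, page_origin, client_data)
    if rewrite_origin:
        # A relay swaps in client data naming the real origin after signing.
        client_data = browser_client_data(RP_ORIGIN, challenge)
    return rp_verify(key, challenge, client_data, signature)

if __name__ == "__main__":
    key, challenge = secrets.token_bytes(32), secrets.token_urlsafe(16)
    print("real site:       ", login_attempt(key, RP_ORIGIN, challenge))
    print("relayed as-is:   ", login_attempt(key, PHISH_ORIGIN, challenge))
    print("origin rewritten:", login_attempt(key, PHISH_ORIGIN, challenge, True))
```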