|
|
|
|
|
|
by TrueDuality
2533 days ago
|
|
|
If they can inject server code, they can bypass 2FA entirely. They don't need your 2FA code they'll just skip that part of the authentication. The same goes for passwords, but with passwords there is the potential of additional value on other sites that haven't been compromised so those are always worth collecting. |
|
|
It’s true that 2FA wouldn’t protect you from having your account compromised immediately, but that’s not what happened.