[ma2rten]

Google requires its employees to use a security key for access to all internal systems including admin tools, source code and email. Every since google started enforcing this policy the number of successful phishing attacks has gone down to basically zero.

[londons_explore]

I believe the Twitter attack involved tricking a user into installing proxy software on their machine (to be in twitter's internal network).

If that is the case, that same proxy software could proxy the security key requests too.

[tdhoot]

That can be prevented by restricting the software that can be installed on employee machines.

[c00ls0sa]

WFH has caused many companies to ease up on restrictions involving location, ip, and sometimes a broader need for software. Granted, nobody should be this easy to bamboozle, but I get why now more than ever this may have been an issue.

[Thorrez]

If there's malware involved I don't consider that phishing. Although some would debate that.

[Thorrez]

Did you reply to the right comment?