by necovek 1580 days ago
Not sure what's "normal looking" in the flow where you are supposed to dictate/type out a TOTP code to someone while not being allowed to use it to attempt a login (and that they have <60s to make use of). "Be quick and type me out your TOTP code from your phone before it changes, darn, that one didn't work, let's try again".

I also disagree it's that far-fetched to get people who'd do that to also do whatever else you want them to.

And while SMS swapping is minuscule in comparison, the big difference there is that there is no signal at all that you are under attack. With phishing, there is no way you are not feeling something is at least a bit off, so you know to check soon after, even if you've been compromised.

1 comment

The phishing flow is precisely the same as the normal auth. You click a link. It takes you to evil.com that looks like your bank page. You type in your password. The system takes your password and starts an auth flow with the actual bank. You are shown a TOTP page. You type in your code. The system takes your code and completes the auth with your bank. This is 100% automated and the only observable difference is the URL.

After this happens it takes you to a "something went wrong" page and has a link back to your real bank website.

With U2F this is impossible because you cannot sign a message for bank.com when visiting evil.com.
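The relay described in the comment above, as an added simulation that is not code from either commenter. It models the real-time proxy: evil.com takes the password and the TOTP code the victim types and replays them against the bank inside the 30 s window, and the login succeeds because nothing in a TOTP code says which site it was typed into. The U2F half then shows why the same relay fails: the browser, not the attacker, supplies the origin that goes into the signed data, so a signature produced while visiting evil.com verifies only for evil.com. The `Bank`, `Token` and `phish_*` names are constructed for the example; the TOTP implementation follows RFC 6238 (HMAC-SHA1, 30 s step, 6 digits), and the HMAC-based `sign` helper is an assumed stand-in for the token's ECDSA signature, chosen so the block runs with the standard library only.

```python
import hashlib
import hmac
import os
import struct

# --- TOTP per RFC 6238 / RFC 4226: HMAC-SHA1 over the 30 s counter ---
def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

# Assumed stand-in for the U2F token's signature: what matters for the
# demonstration is that the origin is part of the signed data, and the
# origin is filled in by the victim's browser, not by the attacker.
def sign(token_key: bytes, challenge: bytes, origin: str) -> bytes:
    return hmac.new(token_key, challenge + origin.encode(), hashlib.sha256).digest()


class Bank:
    """Constructed relying party (not a real bank API)."""
    ORIGIN = "https://bank.com"

    def __init__(self) -> None:
        self.password = "hunter2"           # constructed test credential
        self.totp_secret = os.urandom(20)   # shared with the victim's phone app
        self.token_key = os.urandom(32)     # stand-in for the registered public key
        self.pending_challenge = b""

    def login_totp(self, password: str, code: str, now: int) -> bool:
        # A TOTP code carries no binding to the page it was typed into:
        # any holder of a fresh code is accepted inside the time step.
        return (hmac.compare_digest(password, self.password)
                and hmac.compare_digest(code, totp(self.totp_secret, now)))

    def u2f_challenge(self) -> bytes:
        self.pending_challenge = os.urandom(32)
        return self.pending_challenge

    def login_u2f(self, client_origin: str, signature: bytes) -> bool:
        # Two checks, both needed: the origin in the client data must be ours,
        # and the signature must cover exactly that origin and our challenge.
        if client_origin != self.ORIGIN:
            return False
        expected = sign(self.token_key, self.pending_challenge, self.ORIGIN)
        return hmac.compare_digest(signature, expected)


class Token:
    """Victim's U2F token; the origin it signs is whatever the browser reports."""
    def __init__(self, key: bytes) -> None:
        self.key = key

    def sign(self, challenge: bytes, browser_origin: str) -> bytes:
        return sign(self.key, challenge, browser_origin)


def phish_totp(bank: Bank, now: int) -> bool:
    """evil.com relays the password and the code the victim reads off the phone."""
    typed_password = bank.password                  # victim types it into evil.com
    typed_code = totp(bank.totp_secret, now)        # victim types the current code
    return bank.login_totp(typed_password, typed_code, now)   # attacker is in


def phish_u2f(bank: Bank, token: Token, rewrite_origin: bool = False) -> bool:
    """evil.com fetches the bank's real challenge and relays the signature."""
    challenge = bank.u2f_challenge()
    # The victim's browser is on evil.com, so that is the origin it signs.
    signature = token.sign(challenge, "https://evil.com")
    client_origin = bank.ORIGIN if rewrite_origin else "https://evil.com"
    return bank.login_u2f(client_origin, signature)


def legit_u2f(bank: Bank, token: Token) -> bool:
    challenge = bank.u2f_challenge()
    return bank.login_u2f(bank.ORIGIN, token.sign(challenge, bank.ORIGIN))


if __name__ == "__main__":
    bank, token = Bank(), Token(bank.token_key)
    print("TOTP relay succeeds:", phish_totp(bank, 1_700_000_000))
    print("U2F relay, honest origin:", phish_u2f(bank, token))
    print("U2F relay, origin rewritten:", phish_u2f(bank, token, rewrite_origin=True))
    print("U2F genuine login:", legit_u2f(bank, token))
```

The `rewrite_origin` branch is the point a practitioner should check: the proxy cannot simply claim bank.com in the client data, because the victim's token already committed to evil.com inside the signature. Real U2F/WebAuthn also scopes the key handle to the relying party's ID, so a token would not even produce a signature for evil.com against a bank.com key handle; the simulation leaves that out and relies on the origin check alone.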