|
|
|
|
|
|
by corvec
1244 days ago
|
|
|
If you use the browser extension, it provides resistance against phishing attacks because the password and TOTP won't auto-populate. It doesn't help against sophisticated MITM attacks at all - for those you need U2F / WebAuthn. It helps against brute force attacks but how much it helps depends on the service. If your service prompts for a 2FA code when provided with an incorrect password, then it helps a lot. If an attacker receives confirmation that they have a correct password before needing to enter the 2FA code, then it helps less. |
|
|