by RegEx 4783 days ago
2FA is great, but it wouldn't save you here if you ask it to remember you for 30 days.

It would have stopped someone who phished a GApps credential from logging in to Google with it, though.

It sounds like one prong of the attack was to gain access to one employee's email, then use that account to send phishing emails to other employees. 2FA would have stopped that.

I wonder if it would be possible to phish 2factor while you're at it... Something like:

1- get target to enter google credentials

2- log into target's account using those credentials with a proxy/controlled IP that shows up nearby in geoip DBs

3- display a credible message, asking for 2factor code (something something DHCP something something more buzzwords - dummy mode on)

Any reason this wouldn't work?

Can you explain? I use 2FA and tell it to remember me on this device, right?

If a Syrian hacker phished my password, he wouldn't be able to log in on his system, would he?

You're completely right. I was too focused on the fact that 2FA doesn't text you every time you log in, meaning a 2FA user wouldn't find a Google login prompt without a text code requirement abnormal. They couldn't log in from their own machines - that's the whole point! Silly me.
That feature is limited to the device you told it to 'remember' you on.