To all the people telling me this will never happen, and I should stop trash talking 2FA (TOTP, SMS, etc *not* U2F). Please read this, then kindly apologise. https://twitter.com/josephfcox/status/1075391745502924801 …
-
Now if they could mimic 2FA prompts remotely on the party's device, in real time, and intercept a code... that is powerful (à la Blizzard's authenticator)
-
Uh, that is exactly what they can do.
-
If you are fooled into thinking an authentication view is served by a hacker, then yeah, trivially easy. But that is hard. Universally people will fall for it, but if you know a bit about this attack vector it is much easier to avoid.