To all the people telling me this will never happen, and I should stop trash talking 2FA (TOTP, SMS, etc *not* U2F). Please read this, then kindly apologise. https://twitter.com/josephfcox/status/1075391745502924801 …
-
-
I see what you mean. My only thought was that this relies on the phishing bit. In the case of something like Blizzard, I've been the victim of false 2FA requests, and have rejected these requests because of a few indicators that would be very easy to mitigate as an attacker.
-
As an example, Blizzard 2FA requests also include the location of the request. Modify this to be in the same location as the victim, and I think you're much more likely to dupe people.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.