Most Google 2 factor these days is done through an app asking for you to tap to confirm on your smart phone. No numbers pass because it's all done through machine-to-machine calls.
-
-
Wait, is it possible you think Matt and Jo are talking about touching a U2F device? That is secure, I think they're talking about apps that popup "click to confirm you're trying to login", obviously you are trying to login (to a phishing site) so you would click yes.
-
Oh, I see. I meant the general idea of pressing a button that does crypto stuff, which could be in an app, or it could be a U2F device. Hence the confusion. If all the app does is tell you a number that you then use on the phishing site, then indeed that is not very secure.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.