top | item 44821424 (no title) SethMurphy | 6 months ago Can you explain this more, I don't understand Google authenticator completely? Could a bad actor spoof a 2FA as they can with an email, and capture your input? discuss order hn newest delusional|6 months ago The attacker would just ask you for the TOTP code and forward that to Google. jddj|6 months ago In practice it's maybe slightly harder, because they'd have to convince a user to enter their google 2fa code into a site that isn't obviously google?I'd imagine a convincing enough modal would do the trick though, in a lot of cases. load replies (2)
delusional|6 months ago The attacker would just ask you for the TOTP code and forward that to Google. jddj|6 months ago In practice it's maybe slightly harder, because they'd have to convince a user to enter their google 2fa code into a site that isn't obviously google?I'd imagine a convincing enough modal would do the trick though, in a lot of cases. load replies (2)
jddj|6 months ago In practice it's maybe slightly harder, because they'd have to convince a user to enter their google 2fa code into a site that isn't obviously google?I'd imagine a convincing enough modal would do the trick though, in a lot of cases. load replies (2)
delusional|6 months ago
jddj|6 months ago
I'd imagine a convincing enough modal would do the trick though, in a lot of cases.