Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
jjnoakes
on Oct 25, 2016
|
parent
|
context
|
favorite
| on:
We Got Phished
If you are a MITM you don't have to prompt non-2fa users for 2fa. You just replay their credentials, live, on the real site, and if the real site is asking you for 2fa, then you ask the real user for their 2fa.
Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
