Two factor authentication is meant to keep the bad guys out .. but does it?Take a G-Suite login process for example .. what if:Google user enters Gmail-username gullible and password 1234 into the bad-guy websitebad-guy uses these credentials to log into Google, gets prompted for text code, and passes this request on to gulliblegullible enters text code onto bad-guy websitebad-guy completes Google login and immediately changes account setup to lock out gullibleAny thoughts?
↧