One-time passwords can always be man-in-the-middle'd, since there's no way
for the user to determine whether or not there is someone in the middle
snooping their OTP and password. The phishing attack only has to deceive
the user into entering their password and their OTP, both of which can then
be forwarded to the real login page behind the scenes.

Still, OTP is considered better than SMS because of attacks on the mobile
infrastructure that allow bad guys to potentially receive your SMS
messages, whereas the OTP code is generated directly on your device.

Hopefully, WebAuthn <https://www.w3.org/TR/webauthn-2/> gains traction,
making passwords irrelevant by allowing devices to maintain a secure
authentication key for each website within a trusted execution environment
such as Apple's so-called "Secure Enclave."

Regards,
Ken

On Sun, Nov 20, 2022 at 4:20 AM Slavko via mailop <mailop@mailop.org> wrote:

> On 19 November 2022 at 17:07:22 UTC, Ken Simpson via mailop <
> mailop@mailop.org> wrote:
>
> >Not all 2FA approaches are equal. The most robust 2FA systems are ones in
> >which both the service and the second-factor client robustly authenticate
> >each other. Two-way authentication eliminates the possibility that someone
> >can sit in the middle of the second-factor exchange to gain access.
> >
> > ...
>
> Thank you for the details. I think that now I better understand that; now I
> assume that particular SW is either outdated or that OTP phishing works only
> in some cases, not generally.
>
> regards
>
>
> --
> Slavko
> https://www.slavino.sk/
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 

Ken Simpson

CEO, MailChannels
<https://www.mailchannels.com/?utm_source=Email%20Signature&utm_medium=Ken%20Simpson&utm_campaign=Website>
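The thread above contrasts a relayed OTP with a WebAuthn assertion. The script below is an added illustration written for this page, not code from the mailop thread or from any of its authors: it generates an RFC 6238 TOTP code, which carries nothing identifying the site where it was typed, and then models the WebAuthn checks a relying party performs (origin in clientDataJSON, rpIdHash in authenticatorData, signature over both) to show why a relayed assertion is rejected. Assumptions: the authenticator's public-key signature is replaced by HMAC-SHA256 over a per-rpId key shared at registration, the secrets and challenges are constructed values, and `example.com` / `examp1e.com` are placeholder domains.

```python
"""Why a relayed TOTP code verifies but a relayed WebAuthn assertion does not.
Simplification (assumption, not the standard): HMAC-SHA256 with a per-rpId key
stands in for the authenticator's public-key signature."""
import hashlib
import hmac
import json
import os
import struct
import time

# --- TOTP (RFC 6238): the code depends only on the shared secret and time ---
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: int, step: int = 30) -> str:
    return hotp(secret, now // step)

def verify_totp(secret: bytes, code: str, now: int) -> bool:
    # Nothing in `code` records where the user typed it, so a code captured on a
    # look-alike page and forwarded within the same step verifies just as well.
    return hmac.compare_digest(totp(secret, now), code)

# --- WebAuthn-style assertion: bound to rpId and to the page origin -----------
class Authenticator:
    """Holds one credential key per relying-party ID (rpId)."""
    def __init__(self):
        self.keys = {}

    def register(self, rp_id: str) -> bytes:
        key = os.urandom(32)
        self.keys[rp_id] = key
        return key  # shared with the RP only because HMAC stands in for a signature

    def get_assertion(self, rp_id: str, client_data_json: bytes):
        key = self.keys.get(rp_id)
        if key is None:
            return None  # no credential scoped to this rpId: nothing to sign
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + b"\x00\x00\x00\x01"
        signed = auth_data + hashlib.sha256(client_data_json).digest()
        sig = hmac.new(key, signed, hashlib.sha256).digest()
        return {"authenticatorData": auth_data, "clientDataJSON": client_data_json,
                "signature": sig}

def browser_get(auth: Authenticator, page_origin: str, challenge: str):
    """Browser behaviour: rpId is derived from the page's own origin and that
    origin is written into clientDataJSON; a page cannot name another site's rpId."""
    rp_id = page_origin[len("https://"):]
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}, sort_keys=True).encode()
    return auth.get_assertion(rp_id, client_data)

def verify_assertion(key: bytes, rp_id: str, expected_origin: str,
                     challenge: str, assertion) -> bool:
    if assertion is None:
        return False
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return False
    if cd.get("origin") != expected_origin:                      # origin binding
        return False
    auth_data = assertion["authenticatorData"]
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():  # rpIdHash binding
        return False
    signed = auth_data + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])

def demo() -> dict:
    now = int(time.time())
    totp_secret = b"constructed-totp-secret"          # constructed value
    relayed_code = totp(totp_secret, now)             # generated on the user's device
    auth = Authenticator()
    rp_key = auth.register("example.com")             # placeholder relying party
    challenge = "constructed-challenge-1"
    genuine = browser_get(auth, "https://example.com", challenge)
    # Same challenge presented from a look-alike origin: no credential exists for it.
    no_cred = browser_get(auth, "https://examp1e.com", challenge)
    # Even if a credential existed there, the origin/rpIdHash checks reject it.
    auth.register("examp1e.com")
    relayed = browser_get(auth, "https://examp1e.com", challenge)
    return {
        "totp_relayed_accepted": verify_totp(totp_secret, relayed_code, now),
        "webauthn_genuine_accepted": verify_assertion(
            rp_key, "example.com", "https://example.com", challenge, genuine),
        "webauthn_lookalike_has_credential": no_cred is not None,
        "webauthn_relayed_accepted": verify_assertion(
            rp_key, "example.com", "https://example.com", challenge, relayed),
    }

if __name__ == "__main__":
    print(demo())
```

Running it shows the TOTP code accepted regardless of where it was entered, the genuine assertion accepted, and the relayed assertion rejected: the relying party's origin and rpIdHash checks, not the user's vigilance, are what stop the relay.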
