Dnia 20.11.2022 o godz. 12:16:59 Slavko via mailop pisze: > > Thank you for details. I think that now i better understand that, now i asume, > that particular SW is either outdated or that OTP phishing works only in some > cases, not generally.
By the way, 2FA was never meant as a tool to protect against phishing. It was only meant to protect against password leakage, ie. cases when someone (passively) gets to know your password. An example scenario is when there is a security breach at some online service, and a database of usernames and password hashes becomes public, then someone manages to de-hash (crack) your password. He still cannot login without the second factor. 2FA was not meant to protect against active credentials extraction, as in the case with phishing and a fake website. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
