New: here's how the White House is going to try and stamp out phishing across the U.S. government. Forcing agencies to stop SMS, app-based 2FA. Move entirely to phishing-resistant 2FA like hardware keys. A significant task, an official told me vice.com/en/article/93yemz/w…
4
40
5
138
The OMB is particularly worried about phishing that is automated, cheap, and scalable. Those phishing sites that, say, interact with the real site in an effort to make stealing 2FA codes easier. Why they need phishing-resistant 2FA instead vice.com/en/article/93yemz/w…

1:20 PM · Oct 15, 2021

3
7
0
14
Replying to @josephfcox
The root issue here IMO is the password model Would now be a good time to try & sell them on the idea of moving beyond passwords to something like SQRL or WebAuthn ?
0
0
0
0
Replying to @josephfcox
Brb, making a Evilginx2 phishlet that will work with hardware 2fa. I'm sure it's just as easy as a sms based 2fa bypass.
0
0
0
0
Replying to @josephfcox
Yeah, but right-click-view-source-is-hacking
0
1
0
1