Hacker News new | past | comments | ask | show | jobs | submit login

Unless the second factor is U2F, because the actual ___domain is handed to the U2F dongle by the browser and the authentication is tied to that.



Thanks - good point :)

But for the Google Authenticator and SMS - it would still be vulnerable.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: