Hi all, recently I searched GitHub projects to find some tools/templates for phishing messages, as I want to train my colleagues (I am not interested in real phishing).
As a result I found one Go project for that, but I found a lot of projects, which declare themselves as being for training/learning of course, with phished site templates/copies, and some of them declare that they are even able to get 2FA OTPs. I have no links to them and I didn't inspect in detail how it works, as I am not interested in that. I only remember that they catch OTPs too, in some way, in their site copies.

But my curiosity has grown with time on the topic of what 2FA solves then, thus I want to ask about it here, in the hope of understanding it better.

Please, can it really be as "simple"? If yes, then my understanding is that 2FA doesn't solve the leaked passwords problem, as advertised by many sites, but it solves only that this problem will be self-solved as the token expires (a week or two), without the user's password change. Is my understanding right?

If yes, then 2FA is not the holy grail of solving the SPAM & leaked passwords problem, as an attacker can send a lot of SPAM via this phished account (ignore rate limiting for now) until the OTP expires. Right? Or am I missing something?

Thanks

--
Slavko
https://www.slavino.sk/
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
