We replaced passwords with something worse (blog.danielh.cc)

submitted 1 day ago by lemmydev2@infosec.pub to c/pulse_of_truth@infosec.pub

6 comments fedilink hide all child comments

Comments

you are viewing a single comment's thread
view the rest of the comments

[-] Canconda@lemmy.ca 3 points 1 day ago

An attacker can simply send your email address to a legitimate service, and prompt for a 6-digit code. You can't know for sure if the code is supposed to be entered in the right place. Password managers (a usual defense against phishing) can't help you either.

I don't understand. Is the email already compromised? Gmail requires 2 factor authentication via android to log into your email on new devices so there's that.

[-] melmi 6 points 1 day ago

No, this is a phishing attack. Attackers create a fake website that asks for your email. You give your email, then they relay that address to the legitimate service. The legitimate service sends you an email with a code. The fake service asks for that code. If you give it, they then own your account.

[-] Canconda@lemmy.ca 2 points 1 day ago

Ah thank you. Makes much more sense.

this post was submitted on 07 Aug 2025

5 points (100.0% liked)

Pulse of Truth

1446 readers

170 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth@infosec.pub