Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
MFA doesn’t really help much in the case of a tech illiterate person though, since TOTP codes can be phished just like username and password can. A scammer that calls them will just ask for the code in addition to the username and password.
My employer uses Yubikeys with FIDO2/WebAuthn for two factor auth, but that’s probably too complex for a non technical person to figure out (even if it’s basically just “press the button when it tells you to”).
MFA doesn’t really help much in the case of a tech illiterate person though, since TOTP codes can be phished just like username and password can. A scammer that calls them will just ask for the code in addition to the username and password.
My employer uses Yubikeys with FIDO2/WebAuthn for two factor auth, but that’s probably too complex for a non technical person to figure out (even if it’s basically just “press the button when it tells you to”).
Well, TOTP prevents at least these attack vectors, even for tech-illiterate people:
With TOTP there must be at least some contact between the “hacker” and the victim.