MITM Framework to steal Login Credentials + MFA
- https://github.com/kgretzky/evilginx2
Bombarding the user with MFA push notifications until they eventually accept
- This applies to MFA that sends a prompt to a mobile device, or that places a phone call which is accepted by pressing a key.
FIDO and WebAuthn provide phishing immunity
- https://sec.okta.com/articles/2020/04/webauthn-great-and-it-sucks
- FIDO is short for “Fast IDentity Online”. The FIDO Alliance is an open industry association with hundreds of member companies, working to create authentication standards to help reduce the world’s over-reliance on passwords.
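
Why a credential-relaying proxy cannot replay a WebAuthn login: the browser writes the origin it actually visited into the signed client data, and the relying party rejects anything that is not its own origin. This is an added example, not code from the linked article or from any project named above; the origin, RP ID and challenge values are assumptions, and signature verification is left out.

```python
import hashlib
import json

EXPECTED_ORIGIN = "https://login.example.com"  # assumed relying-party origin
RP_ID = "login.example.com"                    # assumed RP ID


def verify_assertion_binding(client_data_json, authenticator_data, expected_challenge):
    """Check the phishing-relevant fields of a WebAuthn assertion.

    expected_challenge is the base64url string the server issued for this login.
    Verifying the signature over authenticator_data || SHA-256(client_data_json)
    is a separate step and is not shown here.
    """
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if client_data.get("type") != "webauthn.get":
        return False, "unexpected type"
    if client_data.get("challenge") != expected_challenge:
        return False, "challenge mismatch"
    # The browser, not the page, fills in origin: a look-alike domain shows up here.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch"
    # authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4)
    if len(authenticator_data) < 37:
        return False, "authenticator data too short"
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:  # bit 0 = user present
        return False, "user presence flag not set"
    return True, "ok"


def constructed_assertion(origin, rp_id, challenge):
    """Build constructed sample data shaped like a browser's assertion response."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    return client_data, auth_data


if __name__ == "__main__":
    chal = "c2FtcGxlLWNoYWxsZW5nZQ"  # constructed challenge value
    print(verify_assertion_binding(*constructed_assertion(EXPECTED_ORIGIN, RP_ID, chal), chal))
    # Same login attempted through a look-alike domain (constructed, reserved .test TLD)
    proxied = constructed_assertion("https://login-example.test", "login-example.test", chal)
    print(verify_assertion_binding(*proxied, chal))
```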
