Defeating Phishing-Resistant Multifactor Authentication
CISA is now pushing phishing-resistant multifactor authentication.
Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful.
zbigniew • November 9, 2022 10:16 AM
This is nothing new. Social engineering can be used to penetrate almost anything that requires user interaction.
Yet another PEBCAK issue.
That said, a useful reminder that technical solutions don’t necessarily solve non-technical problems.