Comment by udev4096
2 years ago
Well, phishing attacks are still prevelent and it's still at the top for compromising credentials. And phishing attacks have evolved. Most of them will hijack your session, which will make TOTP useless (FIDO will protect you tho)
I just don’t buy the argument that because most sophisticated attacks exist, then 2FA isn’t useful.
2FA protects you from someone getting access to a leaked password. They still can’t connect even with user and password, without doing a very elaborate hack. That’s a huge benefit.