
Comment by dogacel

5 days ago

I haven't mentioned MITM attacks in this article thoroughly. Can you give some examples of what authentication implementations carry a MITM risk?

I thought anything carried over SSL doesn't have a _significant_ MITM risk.

Not sure about emails (probably reasonably secure, I think most MTAs use TLS now).

For text message codes though, there are plenty of attacks. In authoritarian regimes, the government can monitor your text messages directly – I think some protestors in Belarus have lost their Telegram accounts due to this. There’s also the SIM swapping attack, where an attacker pretends to be you and ports out your number: https://en.wikipedia.org/wiki/SIM_swap_scam