Quote:
Originally Posted by rowan
If the phish site acts as a man-in-the-middle proxy, relaying everything between you and the real site, then when you enter your user/password/2FA through the phish site
Sure thing, but it makes it a lot more difficult, and 2FA is only good for one login, so it's going to severely limit the damage if you access through a phish link.
Quote:
The only way I can think to defeat this would be IP-based restrictions, with the registrar requiring further authentication action if you attempt to log in from a previously unseen IP.
Good idea. The problem with GEO IP is that it's not very accurate. Once that is solved, you could also limit people by country and that would enhance security greatly.
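The step-up check on a previously unseen IP discussed in this thread, sketched as an added example (not code from any poster or registrar). The `LoginPolicy` class, the /24 and /64 grouping, and the out-of-band confirmation step are assumptions for illustration; the addresses are constructed documentation-range samples.

```python
import ipaddress


def network_key(ip: str) -> str:
    """Collapse an address to its /24 (IPv4) or /64 (IPv6) network.

    The prefix lengths are an assumption: they keep ordinary dynamic-IP
    churn at one ISP from triggering a challenge on every login.
    """
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


class LoginPolicy:
    """Hypothetical registrar-side policy: unseen network => extra step."""

    def __init__(self):
        self.seen = {}  # account -> set of confirmed network keys

    def evaluate(self, account: str, source_ip: str, credentials_ok: bool) -> str:
        # credentials_ok means user/password/2FA already verified.
        if not credentials_ok:
            return "deny"
        if network_key(source_ip) in self.seen.get(account, set()):
            return "allow"
        # Valid credentials from an unknown network: with a relaying
        # phish site, the registrar sees the relay's address here.
        return "step_up"

    def confirm_step_up(self, account: str, source_ip: str) -> None:
        # Call only after the further authentication action succeeded
        # (assumed to happen outside the login session being evaluated).
        self.seen.setdefault(account, set()).add(network_key(source_ip))


def demo():
    policy = LoginPolicy()
    policy.confirm_step_up("alice", "198.51.100.23")      # constructed enrolment
    return [
        policy.evaluate("alice", "198.51.100.77", True),  # same /24 as before
        policy.evaluate("alice", "203.0.113.9", True),    # never-seen network
        policy.evaluate("alice", "203.0.113.9", False),   # bad credentials
        policy.evaluate("alice", "2001:db8::1", True),    # never-seen IPv6 /64
    ]


if __name__ == "__main__":
    print(demo())
```
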