Hacker News

tgsovlerkhgsel yesterday at 10:11 PM

This is why properly working password managers are important, and why as a web site operator you should make sure to not break them. My password not auto-filling on a web site is a sufficient red flag to immediately become very watchful.

Code-based 2FA, on the other hand, is completely useless against phishing. If I'm logging in, I'm logging in, and you're getting my 2FA code (regardless of whether it's coming from an SMS or an app).


Replies

nialv7 today at 12:57 AM

The creator of https://haveibeenpwned.com got phished once (no kidding), and he uses a password manager.

akerl_ yesterday at 10:38 PM

How does this square with the fact that the tech-savvy person in the post was phished despite using a password manager?

esseph yesterday at 11:51 PM

Turn off autofill, it is exploited by modern attacks including tapjacking.