logoalt Hacker News

d0100today at 12:08 AM1 replyview on HN

An employee just got phished by adding a number to a legitimate deviceAdd login route that bypasses 2FA and adds a device with full access to office and mail

Probably working as intended...


Replies

xorltoday at 12:19 AM

I always click NO to these, that's full human error. edit: The underlying issue is that they send a 2FA before asking for a password at all.