this post was submitted on 07 Nov 2024
1 points (100.0% liked)

cybersecurity

10 readers
1 users here now

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

founded 1 year ago
MODERATORS
[email protected]
1
FIDO2 in Attacker in the Middle (AtiM) phishing scenarios (zerobytes.monster)
submitted 2 weeks ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 
The original post: /r/cybersecurity by /u/WhenTheRainsCome on 2024-11-07 20:37:58.

I'm updating my understanding and ability to communicate to non-technical folks on WHY hardware keys improve security. There are some classic scenarios like, you can't read your FIDO2 auth over the phone in a social engineering scenario like you can with an OTP.

I'd like to showcase how phishing-resistant MFA protects against an Attacker in the Middle scenario.

I don't operate a PhaaS platform, so I'm missing some of the tech details from the TA perspective, how far off base are the scenarios I diagrammed out?

Diagram

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here