Hi,
are there any guesses on breaking Two Factor Authentication?
The only attack point i considered till now was a csrf changing the second factor device. Btw, are there sms inbox accounts on the net?
Is tfa simply making xss-cookie stealers more complex so that they all have to do an csrf from now?
greetz sf0x