How do websites protect against 2fa replay attacks?
I’m imagining a scenario where an attacker can read traffic between a user and a server. The attacker grabs the user’s password and the 2fa code they used. The attacker then logs in with that information before the 2fa code e… Continue reading How do websites protect against 2fa replay attacks?