Quote:
Originally Posted by Arnox
I'm not sure how a local trojan would have made 2FA not secure enough. Can you reset 2FA on NameCheap and it won't alert the 2FA device?
|
By riding on session. And here is how it works: let's say i have trojan on your PC, and i have access to your browser cookies. So, you login into system, using the 2FA device, and then i copy your cookie into my browser,and i get instant access. This works only as long cookie is valid, so if you click logout it wont work anymore, but if you leave browser without deleting cookie, it will be compromised.