New, very good, Gmail phising atack in the wild

Kari said:

My point: let's say one of these days I do something stupid (it happens, take my word, depending on amount whisky I have consumed that day). Let's say I open a phishing site like this in question and enter my email address, password and a single use security code.

What happens? Nothing because that code was used and no longer valid. If the scammer would then contact Microsoft pretending to be me saying he / she has forgotten the password and phone was stolen but he needs to access the account, or clicked "I have forgotten password" and then selected "I can't access any of those" when the list of verification options would be shown, the account would immediately be locked for 30 days and I would receive an email about it to my primary verification email, plus a text message to that phone scammer told has been stolen. Those messages would contain a link for me to sign in, verify my identity, reset password and re-open the account.

Only if I would not react within this 30 day period would scammer gain access to my account.

Kari

If you use you code on phishing site, then it is still valid for actual gmail / MS site. In minutes after you are locked out of your account...

AndreTen said:

If you use you code on phishing site, then it is still valid for actual gmail / MS site. In minutes after you are locked out of your account...

I use authenticator app. The codes change every 30 seconds and are valid about a minute thereafter. Honestly, I do not have much fear about they being used.

Kari said:

I use authenticator app. The codes change every 30 seconds and are valid about a minute thereafter. Honestly, I do not have much fear about they being used.

Of course you don't have to fear...

This is from my previous respond to you...

This doesn't apply to you as you would never put info into that fields...

I'm only stating that average user could (and it already was successful) give his /hers code to phising site..

AndreTen said:

@TairikuOkami is experienced user and in my opinion can manage the threats in his own way. This could be only irresponsible to inexperienced users. They can get a lot of good conclusion from debates as this one :)

Whilst it is an admiral trait to defend an obvious acquaintance, it is stupidity of the highest order to defend information that could compromise the safety of anyone reading it believing he is an expert on the subject.

As to your knowledge on two factor authentication.....it is obvious Kari,s clearly explained workings have not registered with you.

dencal said:

Whilst it is an admiral trait to defend an obvious acquaintance, it is stupidity of the highest order to defend information that could compromise the safety of anyone reading it believing he is an expert on the subject.

As to your knowledge on two factor authentication.....it is obvious Kari,s clearly explained workings have not registered with you.

Or that my explanation of possible weakness reached you. I'm using it myself (2 step auth, that is)

Not that I'm defending anybody's behavior. I'm just recognizing it as human.

Edit. mystery to me dencal... why would you think of Tariku as my acquaintance? See his posts on forum and generally approve them...

AndreTen said:

Or that my explanation of possible weakness reached you. I'm using it myself (2 step auth, that is)

Not that I'm defending anybody's behavior. I'm just recognizing it as human.

Edit. mystery to me dencal... why would you think of Tariku as my acquaintance? See his posts on forum and generally approve them...

He is a member isn't he, so you are acquainted with his posted opinions, are you not, as I with yours.
Did I infer personal acquaintance ?

dencal said:

He is a member isn't he, so you are acquainted with his posted opinions, are you not, as I with yours.
Did I infer personal acquaintance ?

You pretty much did. Obvious in that statement pretty much implies it

As for the other part of your statement...

it is stupidity of the highest order to defend information that could compromise the safety of anyone reading it believing he is an expert on the subject.

I still think that debate and conclusions made from it are worth more than a single statement. And that average user of Ten Forums is capable of understand difference between safety practices of particular users...

An effort to get this thread back to the topic:

Not using Two-Step Authentication (also known as Two Factor Authentication, TSA, 2FA) to protect your online accounts is not only dangerous but also extremely stupid in todays online world full of scammers trying to get in to your accounts.

Kari said:

An effort to get this thread back to the topic:

Not using Two-Step Authentication (also known as Two Factor Authentication, TSA, 2FA) to protect your online accounts is not only dangerous but also extremely stupid in todays online world full of scammers trying to get in to your accounts.

As the word stupid became so popular with you and dencal, seems you are forgetting about fact, that defeating TSA is nothing new. Obviously you won't believe me, would you at least think about it if statement comes from security expert from IBM?

And again, I'm not saying that TSA isn't better than nothing, but thinking that you are invincible with it... now that would be stupid