@ewon_c Of course a hardware key would be better. One issue with those, though, is that they are easy to use, and hard to make backups from, so you have to consider what would be a more likely scenario: someone losing access by losing their key, or someone being tricked into filling in both their TOTP and password codes?
@blacklight447 Indeed, real-life scenarios are much nastier. One thing I found is that most sites offer OTP as a backup even if a security key is enabled. My understanding is that you should use a security key if you can (to prevent phishing); if you cannot or lose it, you can still use OTP.