Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail Group breaches SMS-protected accounts. It's still testing attacks against 2fa apps December 13, 2018 https://arstechnica.com/information...-protections-offered-by-yahoo-mail-and-gmail/ The Return of The Charming Kitten A review of the latest wave of organized phishing attacks by Iranian state-backed hackers December 13, 2018 https://blog.certfa.com/posts/the-return-of-the-charming-kitten/
I completely agree that the 2FA methods that were mentioned are not secure enough. I still think that 2FA should be processed by the device itself via the CPU. But this means that you can only use your own machines (registered devices) to login to sites. Tools like YubiKey can provide access on other machines. https://www.pcworld.com/article/322...wo-factor-authentication-from-your-phone.html