Yeah, why wouldn’t the hacker wait until the user logged into their 1Password ma... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ec109685 on July 11, 2020 \| parent \| context \| favorite \| on: Disabling Google 2FA doesn't need 2FA if you're al... Yeah, why wouldn’t the hacker wait until the user logged into their 1Password manager start stealing passwords that way?

lordlimecat on July 11, 2020 [–]

It is easier to trick the user into starting a remote session Than it is to convince them to unlock their vault.

It's somewhat like getting someone to invite you into their home VS convincing them to open their fire safe in front of you. One of those sets off alarm bells.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact