Why is the following impossible (or even difficult):
- I am duped by a phishing link and enter my login info
- The phishing site enters my login info to the real site (where I have 2FA enabled) and copies the encryption challenge while I sit waiting for the web page to load
- The phishing site presents the encryption challenge to me and I decrypt it
- The phishing site now enters the decrypted token and has access to my account
Is that why all the markets have Captchas? Seems like a committed phisher could just sit at his computer and do this manually when someone falls for the fake link.
This hasn't happened to me, I'm just wondering why we put so much stock in 2FA.
/r/DarkNetMarketsNoobs