Does it? What stops them from MITM-ing your answer on the first screen to get the trust image for the second screen? (In a way that's meaningfully different than the single-screen version, I mean, so not HTTPS certs.)
As TFA mentions, it only shows the image if logging in from a known IP or device, so the MITM won't have access to it, unless of course they can hijack your device or connection, but that's orders of magnitude harder than setting up a fake login page.
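The mechanism the reply describes, written out as an added example (not code from the thread, the article it discusses, or any bank): a toy handler for the first login screen that returns the trust image only when the request arrives from an IP the site has seen before or carries a device cookie bound to the username. A phishing page that merely relays the typed username from its own server has neither, so it gets the fallback challenge instead of the image. Every name here (`first_screen`, `USERS`, the IPs, the image paths, the token format) is an assumption made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Server-side key used to bind device tokens to a username (constructed for this example).
SERVER_KEY = secrets.token_bytes(32)

# Constructed user records: each user's trust image and the IPs the site has seen them from.
USERS = {
    "alice": {"trust_image": "images/otter.png", "known_ips": {"203.0.113.7"}},
    "bob": {"trust_image": "images/lighthouse.png", "known_ips": set()},
}


def issue_device_token(username: str) -> str:
    """Mint the long-lived cookie a browser receives after a fully verified login.
    The tag is an HMAC over the username and a nonce, so the token is only valid
    for that one user and cannot be minted by anyone without SERVER_KEY."""
    nonce = secrets.token_hex(16)
    tag = hmac.new(SERVER_KEY, f"{username}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def verify_device_token(username: str, token: Optional[str]) -> bool:
    """Check that a presented cookie was issued for this username."""
    if not token or "." not in token:
        return False
    nonce, tag = token.split(".", 1)
    expected = hmac.new(SERVER_KEY, f"{username}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def first_screen(username: str, client_ip: str, device_token: Optional[str] = None) -> dict:
    """Screen one: the browser has sent only a username, no password yet.
    Hand back the trust image only for a known IP or a valid device cookie;
    otherwise fall back to a challenge (secondary question, SMS code, etc.)."""
    user = USERS.get(username)
    if user is None:
        # Same response as "unknown device" so the screen does not leak which usernames exist.
        return {"status": "challenge", "trust_image": None}
    if client_ip in user["known_ips"] or verify_device_token(username, device_token):
        return {"status": "image", "trust_image": user["trust_image"]}
    return {"status": "challenge", "trust_image": None}


def phishing_relay(username: str, attacker_ip: str, stolen_token: Optional[str] = None) -> dict:
    """A fake login page that forwards the victim's username to the real site.
    The request originates from the attacker's server, so it carries the attacker's
    IP, and the victim's cookie only if the attacker has already compromised the device."""
    return first_screen(username, attacker_ip, device_token=stolen_token)


if __name__ == "__main__":
    cookie = issue_device_token("alice")
    print("known IP, no cookie :", first_screen("alice", "203.0.113.7"))
    print("new IP, valid cookie:", first_screen("alice", "198.51.100.9", cookie))
    print("phishing relay      :", phishing_relay("alice", "198.51.100.9"))
    print("hijacked device     :", phishing_relay("alice", "198.51.100.9", cookie))
```

The last line of the demo is the caveat the reply itself makes: an attacker who has already hijacked the device (and so holds the cookie) does get the image, which is why the scheme raises the bar from "set up a fake page" to "steal the cookie or sit on the victim's own connection" rather than eliminating MITM outright.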