Device Code Phishing: How Hackers Are Bypassing MFA (And How to Stop Them)
Device code phishing is an attack technique that tricks users into handing over valid authentication tokens by abusing the OAuth 2.0 device authorization flow, allowing attackers to bypass multi-factor authentication entirely without ever stealing a password. The attacker generates a legitimate device code from Microsoft, Google, or another identity provider, then socially engineers the target…
