Originally Posted by MASTERNC
Our IT training just showed how someone can even avert the push notification 2FA by directing you to a bad website, capturing the cookie data fed back after the 2FA, and then pasting it into the web browser code. Nothing is perfect.
This is why state of the art for 2FA is U2F, which is also resistant to phishing attacks. This video explains how it works:
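The origin binding that makes U2F resist the relay described in the quoted post, modelled as an added example (not part of the original post and not code from any U2F library). Assumptions: an HMAC stands in for the token's ECDSA signature so it runs on the Python standard library alone, and the origins and helper names are constructed.

```python
import hashlib, hmac, json, os, struct

APP_ID = "https://login.example.com"   # constructed relying-party origin
DEVICE_KEY = os.urandom(32)            # stand-in for the token's per-site private key

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def signed_message(app_id: str, client_data: bytes, counter: int) -> bytes:
    # U2F signs: appParam || user-presence byte || counter || challengeParam
    return (sha256(app_id.encode()) + b"\x01"
            + struct.pack(">I", counter) + sha256(client_data))

def browser_client_data(origin: str, challenge: str) -> bytes:
    # The browser, not the page, records the origin the user is really on.
    return json.dumps({"typ": "navigator.id.getAssertion",
                       "challenge": challenge, "origin": origin}).encode()

def token_sign(app_id: str, client_data: bytes, counter: int) -> bytes:
    # Assumption: HMAC replaces the ECDSA P-256 signature of a real token.
    msg = signed_message(app_id, client_data, counter)
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).digest()

def rp_verify(client_data: bytes, counter: int, sig: bytes, challenge: str) -> str:
    # Relying-party checks (counter replay check omitted for brevity).
    data = json.loads(client_data)
    if data.get("origin") != APP_ID:
        return "reject: origin mismatch"
    if data.get("challenge") != challenge:
        return "reject: challenge mismatch"
    expected = token_sign(APP_ID, client_data, counter)
    return "accept" if hmac.compare_digest(sig, expected) else "reject: bad signature"

def login_from(page_origin: str, rewrite_origin: bool = False) -> str:
    challenge = os.urandom(16).hex()   # issued by the real site
    client_data = browser_client_data(page_origin, challenge)
    sig = token_sign(page_origin, client_data, counter=1)
    if rewrite_origin:                 # relay edits the origin field after signing
        client_data = browser_client_data(APP_ID, challenge)
    return rp_verify(client_data, 1, sig, challenge)

if __name__ == "__main__":
    print(login_from(APP_ID))                                     # real site
    print(login_from("https://login.example-com.test"))           # lookalike page
    print(login_from("https://login.example-com.test", rewrite_origin=True))
```

Because the relayed login never verifies, the real site never issues the session cookie that the push-notification scenario depends on.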