Consider if you only ever use your FIDO U2F key, but for emergency recovery purposes have your phone or a TOTP registered.
If you never lose your key and only use that key, and you never use the TOTP or phone method, then are you safe from MITM attacks?