Scenario: user is required to use MFA.
User has once logged into userportal and scanned the QR Code.
User thinks that's all and forgets to click "proceed to login" to verify the QR Code against the userportal.
On the firewall in MFA I can now see the user has a token and I think, all is fine & secure.
Now at a phising attack with stolen credentials, someone else could login with the users credentials on the firewall userportal and is presented the same QR code and can finish the MFA verifiy process.
Nobody will notice it's not the real user logging in.
So I'd like to know how I can check from the UI or shell if a MFA token has been verified?
Useful would also be a time flag for last used on the token to find zombie tokens.
Is this possible?
Edited TAGs
[edited by: Raphael Alganes at 3:40 PM (GMT -8) on 13 Feb 2025]
Quote