MFA doesn’t really help much in the case of a tech illiterate person though, since TOTP codes can be phished just like username and password can. A scammer that calls them will just ask for the code in addition to the username and password.
My employer uses Yubikeys with FIDO2/WebAuthn for two factor auth, but that’s probably too complex for a non technical person to figure out (even if it’s basically just “press the button when it tells you to”).
MFA doesn’t really help much in the case of a tech illiterate person though, since TOTP codes can be phished just like username and password can. A scammer that calls them will just ask for the code in addition to the username and password.
My employer uses Yubikeys with FIDO2/WebAuthn for two factor auth, but that’s probably too complex for a non technical person to figure out (even if it’s basically just “press the button when it tells you to”).
Well, TOTP prevents at least these attack vectors, even for tech-illiterate people:
With TOTP there must be at least some contact between the “hacker” and the victim.