24Nis
Does Google 2-step verification protect user from session hijacking?
After signing in Google 2-Step verification scenario, user should enter verification code which sends to his mobile. Without it, he couldn't access to Gmail account.
Consider an attacker does session hijacking. Can attacker access to Gmail account if attacker uses hijacked session? Or he will stop at entering verification code?
UPDATE: Attacker does session hijacking after user enters verification code.
