Quote Originally Posted by Komarimono View Post
So, the only way to be able to hack said account, would require the PC and Phone to both be compromised, and the phone to instead somehow get a screen capture of the token key after being displayed.
Unless the 'hacker' had something picking up the information on the pc, allowing them to log in immediately as soon as the user typed in the one time password. That of course means the actual account owner wouldn't be allowed to login though since the one time password would have been used by the 3rd party.