A penetration testing tool published by Polish security researcher Piotr Duszyński can bypass login protections for accounts protected by two-factor authentication (2FA). In his write-up on the tool, (which is dubbed Modlishka, meaning “mantis” in English), he asked, “is 2FA broken?” It’s a question that’s worth exploring…