Even with MFA enabled, it is possible to bypass these protections with a man-in-the-middle attack