Does Two Factor Authentication (2FA) prevent Phishing and/or Man-in-the-Middle (MITM) attacks?


While 2FA is clearly an improvement over only a single factor, is there anything which prevents an adversary presenting a convincing sign-in page which captures both factors?

I realise that technically a MITM attack is different to a Phishing attack, though at a high level they’re very similar — the user is inputting their credentials into an attacker-controlled page and the attacker can then input the credentials onwards into the real page.