After you enter the code and authenticate, the device is automatically linked to your account without ever handling your password directly. To conduct a device-code phishing attack, threat actors need ...