In addition to capturing regular passwords, man-in-the-middle attacks can be used to intercept one-time passcodes offered by traditional two-factor authentication systems.

FORBES: Google Reveals Details About Its Plan To Fix Password Security