nostr:npub1gz8hsjvfh4mvz56zhjg87muy4kgm3gxlmv0ly3nrcudxfqc0rncqq3npzh mostly yes, or relatively simple social engineering - eg phone user and ask for MFA code. Definitely worth keeping an eye on new MFA devices and MDM enrolments.