Hacker News new | ask | show | jobs
by latexr 3001 days ago
This kind of defeats the point of 2FA. With your current setup, if anyone accesses your vault and gets your password they also get your 2FA key.

At that point it’s no longer two-factor, it’s just two steps in the same authentication.
1 comments
AGKyle 3001 days ago
We've written about this in the past, see a blog post by our chief of security here:

https://blog.agilebits.com/2015/01/26/totp-for-1password-use...

Hope that clears things up for both of you. Let me know if you have any questions though!

Kyle

AgileBits

link