by geofft 2668 days ago
For my threat model (and I suspect for most people's), access to copy files on my laptop implies access to install active malware on my browser sessions, i.e., it's already game over. If you don't have that access, then a file on my laptop is in fact something I have.

(I have a few things I intend to be survivable across a total laptop compromise, but they're special-case things like credentials that can upload code that will be run by a few thousand people. They're not protected by regular website 2FA. For regular websites, a browser compromise would almost always let you wait until I'm logged in, then disable 2FA and change both the email address and password on the account, at which point it's irrecoverable.)