|
|
|
|
|
|
by Beldin
1837 days ago
|
|
|
Since your own computer will typically have the vault unlocked, you don't need a+b+c. You can suffice with a circa 2000s Sony Music cd. Or any driveby malware, or malvertisement, etc. Using the 2nd factor on another device as the first means attackers need to either compromise 2 devices, or compromise a single point higher up in the hierarchy (e.g., your google account). |
|
|
If there’s malware on your PC that has complete access to your system memory you are screwed in every single way possible. I’m perfectly comfortable with having my OTP coupled with my passwords given this is the only real attack vector and requires an actively unlocked vault to expose secrets.
If this is the case, what’s stopping the malware from adding a key logger and MITMing your input to your bank’s website, Gmail or Coinbase?