|
|
|
|
|
|
by fragmede
1690 days ago
|
|
|
Two passwords - a master password, and a secret key. That secret key comprises the phone or laptop with 1password configured being the "something you have" for MFA because it's basically the same as the TOTP seed value/QR code - that secret key is only used by the user when setting up a new device - similar to when a new TOTP MFA is set up. |
|
|
Chaining just increases vulnerability.