Hacker News new | ask | show | jobs
by scrollaway 1665 days ago
When you sign in to a website from your phone using a saved password and use that same phone for 2fa, it's pretty much the same thing.

The whole meme that saving the 2fa seed to password managers is a bad idea needs to die. Most of the advantages of 2fa are still present when using a password manager.
1 comments
jfrunyon 1659 days ago
It's the other way around. Literally all of the advantages of using 2FA are not present when you store both factors together.
link
scrollaway 1659 days ago
You are wrong. The primary advantage of 2fa is the OTP part, which wards against keyloggers and password reuse.
link
jfrunyon 1658 days ago
Unless of course the keylogger also has access to the OTP.

If your device is compromised, your device is compromised.

It doesn't matter what the advantages of 2FA are. You don't have 2FA ("two-factor authentication") if your factors are stored together.

link