[jetpackjoe]

Doesn't keeping the seed remove the whole point of one time passwords?

If an attacker steals at TOTP, its only good for (I think) less than a minute. If they steal the seed, its good forever.

[horsawlarway]

Vaulting the seeds is fine - IMO.

They aren't accessed often, are not used during your normal login flow, and provide you a recovery mechanism that actually works.

Yes - you should store them as securely as you can, but I'd say this is better than disabling 2fa entirely, which seems like the other sane approach.

[stingraycharles]

I think that’s the point, and why “very secure” is quoted.

[Sebb767]

> Doesn't keeping the seed remove the whole point of one time passwords?

You need to keep the seeds anyway to generate OTP codes. They are just keeping them in their vault in addition to keeping them in their OTP app.

As long as those storage methods are sufficiently secure, it's not a problem.

[hot_gril]

Yes. A lot of the common solutions to making TOTP more user-friendly defeat it. You might as well just use single-factor auth with a strong random password stored in your manager, which is what I do.

[wslh]

Well, we should move to multi-party computation when you can distribute secrets between different devices with redundancy and security.

[blibble]

the point is to have a second factor

which isn't really destroyed by having a printout of what you entered onto your phone somewhere secure

(now if you store both in your password manager: that completely defeats the point)

[gonehome]

It doesn’t.

The threat model is someone gets your password, not somebody gets access to your password manager.

If the latter is your threat model then yes having your 2F in there is worse, but really the former is the more common thing to protect against and the tradeoff of not having 2F in your 1Password and getting locked out because your phone breaks is worse than the risk of having it in there.

It’s similar to the tradeoff of having a nano yubikey always in your laptop or a large one on your keys. For most people the nano is better (though you should have a second one in either case)

[hot_gril]

If you're using a password manager, you probably have one-time secure passwords, so the only probable way someone gets it is by stealing your password manager.

[gonehome]

This isn't accurate - they don't get access to multiple stuff.

- Site0 leaks your password because they store it poorly.

- It's just one password, but it's still leaked.

- You have 2F in 1Password so even though it's picked up in an account list the attacker can't login.

- Weeks later you learn there was a breach.

This is the common case for most accounts and breaches. Though the sites most likely to leak are also ones unlikely to have 2F so it's not perfect.

[hot_gril]

So the attacker gets access to the plaintext passwords but not the rest of the database or the ability to skip the 2FA server-side, and the site doesn't notice. Guess I can see that happening still, since the password DB is likely separate.

[hot_gril]

Er, not one-time use passwords, I mean the password is only used on one website.