by trynewideas
1245 days ago
> TOTP in Bitwarden (or 1Password or KeePass) is an upgrade over SMS authentication in terms of both security and convenience.

The article makes a similar point:

>> Among the people I’ve “interrogated” about sufficiently securing their online accounts were few who proudly said they’ve adopted a Password Manager and… they’ve copied their favorite password that they’ve been reusing all over the place into the Password Manager. And now they use the Password Manager’s web browser extension to paste the same password into each login form. Well, the only thing they’ve gained is a false sense of security.

>> However, if they do add a 2nd factor of authentication, even if that’s a TOTP managed by the same Password Manager, they do end up in a much better place. Now, looking back at the attack scenario I described above, their leaked password is not enough to log into other online accounts. Yes, they are still vulnerable to a scenario where their Password Manager account gets popped and the TOTP secrets are revealed. But still, their security posture has improved a lot!