by kstrauser
718 days ago
> I also don’t understand why password managers are starting to support storing totp.

1Password's had this for many years now.

In a perfect world with users who followed the rules perfectly every time, a separate TOTP gadget is clearly better. In this world, a slightly less secure TOTP system that's convenient enough that regular people actually use it is vastly better than a perfect system that gets worked around.

Analogy: NIST says to stop requiring periodic password rotations. In dreamland, users would use their password manager to create a new, ultra-strong, unique password every time. In reality, people tired of the rotation treadmill go from `SecurePassword!202406` to `SecurePassword!202407`.

As a component, a separate TOTP generator is better. As a system, an integrated one is more useful.