Except in practice you have both factors on the phone (unless you don't use the phone for anything other than ... phone and an authenticator? That just never happens).
So, no, you just need to think about it a little while longer.
> Except in practice you have both factors on the phone
What do you mean by this? I'm not doubting you, but I'm still a bit confused -- currently taking a Security course, so I'm a newbie in the field.
Do you mean that if the phone is compromised (and you don't know it's compromised) that once you input your password (the "what you know") the system is broken? Certainly, I can see that.
I may still be misunderstanding, but if you don't store your password(s) on your phone, then does it prevent this attack?