by felixfoertsch
396 days ago
To me, this totally depends on your threat model. Generally, a one-time password is an additional security measure that prevents someone from going to a website and simply using obtained credentials (e.g. from a leak) or brute-forcing them. An attacker needs the second factor. If you store your 2FA secret alongside your password in a password manager, you still gain protection from these attacks. And it's very convenient. However, you also increase your attack surface: if they break into your password manager, you're done. If your threat model allows it (mine does), this is still very secure and also very convenient.

I know many people who still reuse passwords, which certainly have been leaked, and are probably protected only by 2FA.