by eddythompson80
317 days ago
They are, which is one major issue with TOTP and most current MFA methods. There is an implicit assumption that you only get the full benefit if you're using a password manager.

1. A password manager shouldn't be vulnerable to putting your password in a phishing site.
2. If your password is leaked, an attacker can't use it without the TOTP.

Someone who doesn't use a password manager won't get the benefits of #1, so they can be phished even with a TOTP. But they will get the benefits of #2 (a leaked password isn't enough).

Passkeys assume/require the use of a password manager (called a "passkey provider").