|
|
|
|
|
|
by jorvi
294 days ago
|
|
|
> There is no added benefit to 2FA if you store the 2FA secret next to the password when both are generated securely Over this entire thread you keep repeating this, and you're so confidently wrong. If a hacker (or shoulder peeper) gets my password to a site without a TOTP, they can login. 1FA. If I also use a TOTP adjacently, the hacker can't login and the shoulder peeper has a window of 30 seconds. Its 2FA. Storing critical TOTPs in your password manager is bad practice and thus bad 2FA, but its still 2FA. |
|
|