by ajanuary
4668 days ago
It's certainly better than just a password, and as you say is a nice balance between usability and strong passwords. However, I'd be careful about thinking of it as any sort of 2-factor authentication and wouldn't bestow any of the advantages of 2-factor auth on your scheme. A static secret, no matter how complex, doesn't really prove ownership because multiple people can trivially have a copy of the secret at the same time. So you don't have a knowledge and a physical factor, just a convoluted knowledge factor. Better than just a password, but don't let it give you a false sense of security.