by awendt
4267 days ago
You get sent an OTP that expires after half an hour. So in order to attack someone, you need to gain access to your victim's e-mail account beforehand. Which is quite hard if the victim has MFA activated.

If you gain access to your victim's e-mail account, even if you find any passwords in there, you cannot use any of them because they are not working anymore.

So it's not only a stronger, non-recycled password. It's:

1. an OTP
2. that expires very soon
3. that cannot be recycled
4. in a place that's likely to be well-protected

EDIT: 5. that place (#4) is in widespread use

This is beyond a "password manager" which barely covers #3 (it incentivizes not to recycle) – and maybe #4, if you're careful.
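Added example, not part of the comment above: one way a login service could enforce the first three properties on the server side (a random OTP, a half-hour lifetime, no reuse). The class `EmailOtpStore`, its method names, the in-memory dict and the sample address are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 30 * 60  # the half-hour lifetime mentioned in the comment


class EmailOtpStore:
    """Hypothetical in-memory store; a real service would use a database."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # email -> (SHA-256 of OTP, expiry timestamp)

    def issue(self, email):
        """Create a fresh OTP for `email`, replacing any earlier one."""
        otp = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        digest = hashlib.sha256(otp.encode()).digest()
        self._pending[email] = (digest, self._clock() + OTP_TTL_SECONDS)
        return otp  # goes to the mailbox; only the hash is kept server-side

    def redeem(self, email, otp):
        """Return True once for a valid, unexpired OTP; False otherwise."""
        # pop() makes every attempt consume the entry, so an OTP found later
        # in the mailbox is useless and a wrong guess cannot be retried.
        entry = self._pending.pop(email, None)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() > expires_at:
            return False
        candidate = hashlib.sha256(otp.encode()).digest()
        return hmac.compare_digest(candidate, digest)  # constant-time compare


def demo():
    """Constructed walk-through: first use, replay, then an expired OTP."""
    now = [1_000_000.0]  # fake clock so expiry can be shown without waiting
    store = EmailOtpStore(clock=lambda: now[0])
    otp = store.issue("user@example.com")
    first = store.redeem("user@example.com", otp)
    replay = store.redeem("user@example.com", otp)
    stale = store.issue("user@example.com")
    now[0] += OTP_TTL_SECONDS + 1
    expired = store.redeem("user@example.com", stale)
    return first, replay, expired
```

Properties 4 and 5 in the list depend on the mailbox provider and are outside what this code can enforce.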