
Comment by unshavedyak

3 days ago

Defeats the purpose of 2FA though. I'd argue a cheap 2FA-only phone would be good, if they're struggling to touch their real phone without being consumed by distractions.

It does not defeat the purpose of 2FA as possession of the decrypted 1Password vault is the second factor.

  • Isn't that just remembering two passwords instead of one? And isn't two passwords instead of one basically the same as remembering one very long password?

    For that matter, how do they prevent you from using the same password for both?

    • https://news.ycombinator.com/item?id=44259556

      I posted another comment explaining why 1Password Vault with both a password and an OTP code is still secure, but in short it does not defeat the purpose. Your vaults are protected, and in the situation where someone gets access to your vault it's most likely to be full access to your computer, at which point they have other viable methods to get access to a specific service you use.


  • Well, I'm assuming 1Pass is also storing the password. I.e., if it's in the same place for your pass and token, it's 1FA, no?

    • No, the two factors are something you have and something you know. Not something you have and another thing you have. In this case decrypting the vault requires two factors.
