Comment by unshavedyak
3 days ago
Well i'm assuming 1Pass is also storing the password. Ie if it's in the same place for your pass and token, it's 1FA, no?
3 days ago
Well i'm assuming 1Pass is also storing the password. Ie if it's in the same place for your pass and token, it's 1FA, no?
No the two factors are something you have and something you know. Not something you have and another thing you have. In this case decrypting the vault requires two factors.
In my view the factors are attach vectors. If i wrote both my token and my pass down on a single sticky note, it's 1FA. If i have them on two stickies stored in two locations, it's 2FA.
Though i have no idea, that's just how i internalized it over the years. In your 1Pass example, it's a single attack vector (the password of my 1pass) to compromising both the token and the password of the product/server/thing.
How many feet apart do the two sticky notes have to be before it’s 2FA? :)
1 reply →