Comment by BobaFloutist
3 days ago
Isn't that just remembering two passwords instead of one? And isn't two passwords instead of one basically the same as remembering one very long password?
For that matter, how do they prevent you from using the same password for both?
https://news.ycombinator.com/item?id=44259556
I posted another comment explaining why 1Password Vault with both a password and an OTP code is still secure, but in short it does not defeat the purpose. Your vaults are protected, and in the situation where someone gets access to your vault, it's most likely to be full access to your computer, at which point they have other viable methods to get access to a specific service you use.
Isn't the whole point of 2fa that if someone gets access to my computer they can't do shit because they'd need my phone too?
The “whole point” of 2fa is that even if someone knows your password they cannot log in with just credentials.
Compromising or stealing a device is a significant escalation from guessing passwords.