Comment by treetalker
Comment by treetalker 6 days ago
I imagine you've considered it already, but maybe your work would be willing to put the 2FA secret into something like 1Password, which you could access on your computer instead of your phone.
It does not defeat the purpose of 2FA as possession of the decrypted 1Password vault is the second factor.
Isn't that just remembering two passwords instead of one? And isn't two passwords instead of one basically the same as remembering one very long password?
For that matter, how do they prevent you from using the same password for both?
https://news.ycombinator.com/item?id=44259556
I posted another comment explaining why 1Password Vault with both a password and an OTP code is still secure, but in short it does not defeat the purpose. Your vaults are protected, and in the situation where someone gets access to your vault it's most likely to be full access to your computer, at which point they have other viable methods to get access to a specific service you use.
Well, I'm assuming 1Pass is also storing the password. I.e., if it's in the same place for your pass and token, it's 1FA, no?
Defeats the purpose of 2FA though. I'd argue a cheap 2FA-only phone would be good, if they're struggling to touch their real phone without being consumed by distractions.