Comment by BobaFloutist

Comment by BobaFloutist 6 days ago

4 replies

View on Hacker News

Isn't that just remembering two passwords instead of one? And isn't two passwords instead of one basically the same as remembering one very long password?

For that matter, how do they prevent you from using the same password for both?

InitialBP 6 days ago

https://news.ycombinator.com/item?id=44259556

I posted another comment explaining why 1Password Vault with both a password and a OTP code is still secure, but in short it does not defeat the purpose. Your vault's are protected and in the situation where someone gets access to your vault it's most likely to be full access to your computer at which point they have other viable methods to get access to a specific service you use.

Reply View 3 replies
  • jascha_eng 6 days ago

    Isn't the whole point of 2fa that if someone gets access to my computer they can't do shit because they'd need my phone too?

    Reply View 2 replies
    • InitialBP 6 days ago

      The “whole point” of 2fa is that even if someone knows your password they cannot login with just credentials.

      Compromising or stealing a device is a significant escalation from guessing passwords.

      Reply View 1 reply
      • 0cf8612b2e1e 6 days ago

        It is also more obvious when your device has been stolen vs just the password.

        Reply View 0 replies