Comment by InitialBP

Comment by InitialBP 6 days ago

3 replies

View on Hacker News

https://news.ycombinator.com/item?id=44259556

I posted another comment explaining why 1Password Vault with both a password and a OTP code is still secure, but in short it does not defeat the purpose. Your vault's are protected and in the situation where someone gets access to your vault it's most likely to be full access to your computer at which point they have other viable methods to get access to a specific service you use.

jascha_eng 6 days ago

Isn't the whole point of 2fa that if someone gets access to my computer they can't do shit because they'd need my phone too?

Reply View 2 replies
  • InitialBP 6 days ago

    The “whole point” of 2fa is that even if someone knows your password they cannot login with just credentials.

    Compromising or stealing a device is a significant escalation from guessing passwords.

    Reply View 1 reply
    • 0cf8612b2e1e 6 days ago

      It is also more obvious when your device has been stolen vs just the password.

      Reply View 0 replies