top | item 22445122

v01dlight | 6 years ago

It's bad practice, sure, but to say that it "completely negates the entire point of two factor authentication" is ignoring the main attack password managers are good at defending against: credential stuffing.

Example: If LinkedIn leaks my password, attackers can't use it to gain access to my Gmail because (thanks to the help of a password manager) I use different passwords for all sites. They also can't use it to gain access to LinkedIn because I have 2FA turned on. Even if my OTPs are saved in my password manager, they would need my master password for that.

And if they have someone's master password, they're probably screwed whether or not they have OTPs in their vault because they likely have credit card numbers, addresses, social security numbers, etc. in there too.
