Most people need access to their password manager through their smartphone. Having an external TOTP generator do not help much if said system also allow fallback to calling or sending an SMS, which most do in case TOTP generator is lost.
So in many case 2FA is broken unless you decorelate access to app/password and sim card, which mean accessing your apps/systems through a second device instead of your main phone such as another simless phone, laptop, ipod touch, or tablet. Most people would never do that for conveniency reason...But in that case the same search rules/laws apply to second device anyway so it doesn't change anything to the core issue.
prmoustache|2 years ago
So in many case 2FA is broken unless you decorelate access to app/password and sim card, which mean accessing your apps/systems through a second device instead of your main phone such as another simless phone, laptop, ipod touch, or tablet. Most people would never do that for conveniency reason...But in that case the same search rules/laws apply to second device anyway so it doesn't change anything to the core issue.