
smaccona | 2 years ago

They tackled the subject for sure, but my takeaway from that blog posting is not that storing your TOTP tokens in 1Password is “as good as” having separate hardware devices for password storage management and TOTP management, but rather that storing your TOTP tokens in 1Password (or any password manager) is better than not using OTP at all. This of course is definitely true, and a definite improvement in security. I think a sibling referred to it as “1,25x” as secure, which feels about right (on some non-linear scale where 2.0 represents two unique factors).

I don’t use a KeePass or similar device, and I do have my TOTP tokens on my phone (using the great OTP Auth app, no affiliation), but I do most of my work on a computer so I toyed with completely removing password management from my phone and just having the OTP app there. I haven’t committed to that yet though. Another option is to use a cheap device such as an iPod Touch for OTP, though those are probably more expensive than a dedicated OTP device (I just happen to have one lying around unused).
