top | item 40889592

(no title)

> - Eavesdropping on you, doesn't happen because you use the password manager's autofill.

I rate this more likely and it’s one reason I still use TOTP stored in the same place as the password for other services.

A lot of sites are susceptible to cdn JavaScript compromises, and at least with TOTP stored in the same place as the password, a password replay attack has a very tight window of usability

discuss

No comments yet.