
awendt | 11 years ago

You get sent an OTP that expires after half an hour. So in order to attack someone, you need to gain access to your victim's e-mail account beforehand. Which is quite hard if the victim has MFA activated.

If you gain access to your victim's e-mail account, even if you find any passwords in there, you cannot use any of them because they are not working anymore.

So it's not only a stronger, non-recycled password. It's:

1. an OTP

2. that expires very soon

3. that cannot be recycled

4. in a place that's likely to be well-protected

EDIT: 5. that place (#4) is in widespread use

This is beyond a "password manager" which barely covers #3 (it incentivizes not to recycle) – and maybe #4, if you're careful.
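The properties listed in the comment above (one-time, short-lived, not reusable), as an added example that is not part of the original comment or of any real service's code. The class `EmailOtpStore`, its methods `issue` and `redeem`, and the in-memory dictionary are hypothetical names chosen for illustration; sending the e-mail is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 30 * 60  # "expires after half an hour", per the comment


class EmailOtpStore:
    """Pending login codes, keyed by e-mail address (in-memory for illustration)."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be exercised in tests
        self._pending = {}       # email -> (SHA-256 digest of code, expiry time)

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def issue(self, email):
        """Create a fresh code; overwriting the entry kills any earlier code."""
        code = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        expires_at = self._clock() + OTP_TTL_SECONDS
        # Store only the digest, so a leaked store does not reveal usable codes.
        self._pending[email] = (self._digest(code), expires_at)
        return code  # the caller e-mails this value to the address

    def redeem(self, email, code):
        """Return True exactly once for a valid, unexpired code."""
        # Pop before checking: every code gets a single attempt, so it can be
        # neither replayed nor brute-forced. Trade-off: a wrong guess forces
        # the user to request a new code.
        entry = self._pending.pop(email, None)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() >= expires_at:
            return False
        # Constant-time comparison of the stored and presented digests.
        return hmac.compare_digest(digest, self._digest(code))
```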
