

I keep seeing this take and it's not a great one.

TOTP in Bitwarden (or 1Password or KeePass) is an upgrade over SMS authentication in terms of both security and convenience.

For most people, TOTP in a dedicated app is not actually much more secure:

1. Without a backup, they're suddenly unable to log in to their accounts.
2. Their device may not be well secured, e.g., either not requiring auth to unlock it or only having a 4-digit PIN.
3. They're likely logging into accounts on their phones and have the password manager and TOTP app on their phones as well.
4. If the TOTP app has backups, then it's vulnerable.
5. Such a user may be less likely to use 2FA in a given app because it's less convenient.

If you secure your devices with long alphanumeric passwords, secure your password manager with U2F / WebAuthn and an even longer alphanumeric pass phrase, and consistently enable TOTP 2FA, then you'll be more secure than the person who either uses it less consistently or who uses it on device
