You are viewing a single thread.
View all comments View context
2 points
*

I imagine you keep your password manager unlocked, or as not requiring 2FA on trusted devices then? Re entering 2FA each session is annoying

You still have the treat of viruses or similar. If someone gets access on your device while the password manager is unlocked (ex: some trojan on your computer), you’re completely cooked. If anything it makes it worse than not having 2FA at all.

If you can access your password manager without using 2FA on your phone and have the built in phone biometrics to open it like phone pin, finger or face, someone stealing your phone can do some damage. (Well, the same stands for a regular 2FA app, but meh, I just don’t see an improvement)

permalink
report
parent
reply
4 points

I went to see HR a month ago and they had a post-it of their password for their password manager. We use passkeys too.

And this was after security training.

permalink
report
parent
reply
1 point

😵 some people just don’t care

It’s their job though, not their personal life, so they might care less

permalink
report
parent
reply
3 points

If your secrets enter your clipboard, they are no longer secrets

permalink
report
parent
reply
1 point

You’re right if I get a virus I’m pretty cooked. Except I think to set 2fa up on the attacker’s device they’d need the phone authenticator to set it up the first time, so hopefully they couldn’t do it unless they used my computer remotely to login to websites.

But the password manager locks after 15 min and you have to put a pin in to unlock and decrypt.

I’m not sure what brute force mechanisms it has against the pin.

Re-entering the 2fa each session is annoying but it’s way better than having to do it on each individual site from my phone.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 14K

    Monthly active users

  • 13K

    Posts

  • 571K

    Comments