A lot of times these are used interchangeably. They both offer increased security, but they are not the same.

Having your 3rd-party account TOTP seeds stored in Bitwarden, unlocked by the same method as your 3rd-party account password (i.e. unlocked by a single master password), downgrades them from 2FA to 2SA. A different factor would be something different than your master password. A factor is not “another password”. That’s why it’s called 2-factor.

- Something you know (a password, a TOTP seed).
- Something you have (a security key, a phone/device with TOTP seeds).

You see above how storing 3rd-party passwords and 3rd-party TOTP seeds together (in a password manager) makes it “same factor”, unlocked by the same method: something you know, i.e.

In both cases below, 2SA provides just as much security as 2FA.

Imagine you have a Facebook password and Facebook TOTP seeds. A bad actor spies your Facebook password over your shoulder. But when they try to log in, they are prompted for a TOTP code. They cannot use a previous TOTP code, and they do not have the TOTP seed to generate a new one.

Imagine Facebook stored passwords in plain text (tsk tsk).
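The shoulder-surfing case above, as an added example that is not code from the original post: a minimal RFC 6238 TOTP plus a hypothetical `Service` login check that accepts each time step once. The seed, password and `vault` dictionary are constructed sample values; the run shows an observed password and old code being rejected, while whoever opens a vault holding both password and seed passes both steps.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(seed: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(seed, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Service:
    """Hypothetical login check: password plus a not-yet-used TOTP code."""
    def __init__(self, password: str, seed: bytes):
        self.password, self.seed, self.last_step = password, seed, -1

    def login(self, password: str, code: str, now: int) -> bool:
        step = now // STEP
        ok = (hmac.compare_digest(password, self.password)
              and step > self.last_step  # a time step is accepted only once
              and hmac.compare_digest(code, totp(self.seed, now)))
        if ok:
            self.last_step = step
        return ok

def demo() -> dict:
    seed = b"12345678901234567890"  # constructed sample seed (RFC 6238 test key)
    svc = Service("hunter2", seed)  # constructed sample password
    t0 = 1111111089
    results = {}
    # Owner logs in; a bystander sees the password and the code on screen.
    seen_code = totp(seed, t0)
    results["owner"] = svc.login("hunter2", seen_code, t0)
    # Shoulder surfer: has the password and the old code, but not the seed.
    results["replay_same_step"] = svc.login("hunter2", seen_code, t0 + 1)
    results["replay_next_step"] = svc.login("hunter2", seen_code, t0 + STEP)
    # Vault opened with the master password: password and seed come out together.
    vault = {"password": "hunter2", "totp_seed": seed}
    later = t0 + 2 * STEP
    results["vault_holder"] = svc.login(
        vault["password"], totp(vault["totp_seed"], later), later)
    return results

if __name__ == "__main__":
    print(demo())
```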