When I go on to 2FA, I get a QR code. That’s just a long string. I can save it on my phone, save it on my computer in my password manager, and it can just as easily be stolen. I also get a bunch of “recovery codes” that I can again download and store in a password manager, right next to my password.
So it seems like a 2FA code can be stolen just as easily as a password. If that’s true, how does it actually increase security compared to, say, not allowing the user to pick their own password and just generating a long secure one for them?
> I get a QR code
That QR code will be different each time and only the latest will work (or they have a time limit).
> that I can again download and store in a password manager, right next to my password.
There’s also nothing stopping you from writing all your passwords into a tweet, but we rightly consider that to be an issue of “the user is a complete moron”. This is a related concept.