When I go on to 2FA, I get a QR code. That’s just a long string. I can save it on my phone, save it on my computer in my password manager, and it can just as easily be stolen. I also get a bunch of “recovery codes” that I can again downoad and store in a password manager, right next to my password.
So it seems like a 2FA code can be stolen just as easily as password. If that’s true, how does it actually increase securit compared to, say, not allowing the user to pick their own password and just generating a long secure one for them?
In: Technology
2FA involves something you know and something only you have. I could tell you my ATM PIN code for Bank of America is 5971. But that doesn’t do you any good because you don’t have my card. I also could tell you my Google email and password. That won’t let you into my account either because you don’t have my phone. If you tried to log in with my credentials, you still need to wait on me to tap yes on a notification on my phone to let you in.
Latest Answers