When I go on to 2FA, I get a QR code. That’s just a long string. I can save it on my phone, save it on my computer in my password manager, and it can just as easily be stolen. I also get a bunch of “recovery codes” that I can again downoad and store in a password manager, right next to my password.
So it seems like a 2FA code can be stolen just as easily as password. If that’s true, how does it actually increase securit compared to, say, not allowing the user to pick their own password and just generating a long secure one for them?
In: Technology
Malicious person tries to log into your account, but 2fa needs you to approve from your phone/needs a code from an app on your phone. Boom, they can’t get in cause they dont have your phone. Works with email too, as long as you dont have the same password there.
E: i dont know about qr code 2fa, all my accounts use app or email authenticators, but in general making it harder/more work to compromise your account is what its about.
Latest Answers