When I go on to 2FA, I get a QR code. That’s just a long string. I can save it on my phone, save it on my computer in my password manager, and it can just as easily be stolen. I also get a bunch of “recovery codes” that I can again downoad and store in a password manager, right next to my password.

So it seems like a 2FA code can be stolen just as easily as password. If that’s true, how does it actually increase securit compared to, say, not allowing the user to pick their own password and just generating a long secure one for them?

In: Technology