Am 24.06.24 um 13:53 schrieb Guinevere Larsen:
On 6/24/24 5:08 AM, Miroslav Suchý wrote:
Dne 24. 06. 24 v 9:48 dop. Mattia Verga via devel napsal(a):
IMO, having the token stored in your password manager means going
from 2FA to 1FA effectively ;-) if someone gets access to your
password manager vault, all accounts will be compromised.
Only if you use the same password manager for both: password and OTP.
It still makes it 1FA. If all you need to get the OTP is know which
password managers the user uses, and what is the password for that
passowrd manager, OTP goes from being a "something you have" type of
authentication factor, to a "something you know" authentication factor,
which is the same factor as the password. Multi factor authentication is
not about steps, is about what you need to complete the authentication
challenge (something you know, something you have, or something you are).
One could argue that the "password manager file" is the "something you
have" thing.
Kilian
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
