1/9/2024 0 Comments 1password 7 add 2faSo you have to decide your own risk profile. I should say that because mobile devices are in general architecturally more locked down than desktops and laptops, if your laptop is breached but your auth app is on your phone, you're still in principle secured. If you use a 2FA generator on your mobile device, then total compromise of your mobile device including sniffing your 1Password master-password is still likely to lead to the attacker to be able to get your password (from 1Password) and the OTP from your authenticator app. (A central breach of 1Password would be quite complex to achieve, and with the Secret Key feature, even having your encrypted data and master password would not be enough to gain access.) Total compromise of your device could allow someone - if they've keylogged your 1Password master-password - to open 1Password and get your Reddit password and OTP (and your other credentials). by a keylogger), or it's compromised at the server (malicious SSL cert, or say Reddit has a breach and the data that leaks includes your password in a form that's recoverable), the attacker would be prevented from using your Reddit password because they didn't steal the ability to generate new OTP responses If your Reddit password is compromised when you enter it (e.g. The main valuable protection you keep is: What benefits do you keep when using 1Password for your 2FA codes, and what benefits do you lose, when you do that? For ease of discussion, let's say we're talking about your Reddit password.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |