Is it safe to store OTP tokens on the same device? Even if app is encrypted and locked with passcode?

  • Extras
    link
    fedilink
    English
    4
    edit-2
    1 year ago

    Honestly a big debate, so it really depends on your threat model. Lots of people even keep their totp seeds within their password manager which basically defeats 2fa imo, but it’s highly convenient. Personally I keep my totp seeds seperated in a sandboxed user profile.

    • @[email protected]
      link
      fedilink
      English
      9
      edit-2
      1 year ago

      It only defeats 2FA from a standpoint of someone gaining access your PW manager. But for everything else like a service getting hacked and leaking your passwords for it, the 2FA will still do its job fine.

    • 𝒍𝒆𝒎𝒂𝒏𝒏
      link
      fedilink
      English
      21 year ago

      I store my totp seeds in a separate, rarely used password manager, which then follows me on an “emergency USB” - hopefully something I won’t need to use at all