• Anas
    link
    18 months ago

    Doesn’t using the same service for password management and OTP defeat the purpose of 2FA?

    • haui
      link
      fedilink
      18 months ago

      Its a pretty tough decision what to use for this imo since technically, you‘re right. Then again, you already have to log into your os and unlock the password safe to get the passwords or the otps.

      The reason why mfa is done is if your password leaks you are not completely effed. You can obviously use a second selfhosted service with a different password but chances are most people would rather use something easier.

      Also, passkeys work the same way. They work if you are logged into a device. That way you get no additional password except you can only use it from the device in question.