this post was submitted on 05 Dec 2024
7 points (88.9% liked)
Security
In general, TOTP is recommended when offered. Aside from what other people are bringing up about added security when using password authentication, many sites use TOTP in the account recovery process when a password is forgotten. This is an old example, but in this case, attackers were able to do a "forgot password" for Gmail, which sent a recovery email to an Apple email address that the attackers were able to access. Had Mat been using MFA for Gmail, the attackers would have been prompted to provide an MFA code before the recovery email would be sent, thwarting the attack.
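The recovery gate described in the comment above, as an added example that is not part of the original comment or any site's actual code: a password-reset handler that refuses to send the recovery email until a valid RFC 6238 TOTP code is supplied. The account records, addresses and the `request_password_reset` function are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, submitted: str, at: int, window: int = 1) -> bool:
    """Accept the current time step and +/- `window` steps of clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, at + drift * 30)
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

# Constructed sample accounts (hypothetical names and addresses).
ACCOUNTS = {
    "mfa-user@example.com": {
        "recovery": "backup@example.net",
        "totp_secret": b"12345678901234567890",  # RFC test-vector secret
    },
    "no-mfa-user@example.com": {
        "recovery": "backup2@example.net",
        "totp_secret": None,  # MFA never enrolled
    },
}

def request_password_reset(user, now, outbox, code=None):
    """Queue the recovery email only after the MFA check passes."""
    acct = ACCOUNTS.get(user)
    if acct is None:
        return "unknown"
    secret = acct["totp_secret"]
    if secret is not None:
        if code is None:
            return "mfa_required"  # prompt before any email is sent
        if not verify_totp(secret, code, now):
            return "denied"
    outbox.append(acct["recovery"])  # stand-in for sending the email
    return "sent"
```

A production flow would also rate-limit attempts and reject reuse of a code that was already accepted.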