Post ARpnEtuXs0um3fkhEm by Matlink@mamot.fr
 (DIR) Post #ARpfCBawrl7GOymRv6 by jpmens@mastodon.social
       2023-01-20T10:20:41Z
       
       0 likes, 0 repeats
       
       Is there a consensus on whether it is better/safer to have TOTP generation done within the password safe (e.g. KeePassXC) or rather externally using a separate program (e.g. Authy)?
       
 (DIR) Post #ARpfCDWlgGxcOaq8gK by tyil@fedi.tyil.nl
       2023-01-20T11:01:17.098Z
       
       0 likes, 0 repeats
       
       @jpmens@mastodon.social Yes
       
 (DIR) Post #ARpnEtuXs0um3fkhEm by Matlink@mamot.fr
       2023-01-20T11:58:53Z
       
       0 likes, 0 repeats
       
       @jpmens 2FA supposes that you have 2 factors, i.e. something that you know and something that you have. Having both secrets on the same device violates this principle.
       
 (DIR) Post #ARpnEufL42LSOne4Aq by feld@bikeshed.party
       2023-01-20T12:31:02.839206Z
       
       0 likes, 0 repeats
       
       "Your self hosted password database which included the 2FA TOTP seeds getting stolen along with the password to decrypt said database" is only the threat model of people being hunted by state actors.
       
 (DIR) Post #AhypmYFiPsenPu6MkK by neon@fedi.neon.moe
       2023-01-20T10:26:58.147401Z
       
       0 likes, 0 repeats
       
       @jpmens I think TOTP in the password manager is a bit weird, it's not much of a 2FA at that point. More like 1FA with one more text box to fill out on login.
       
 (DIR) Post #Ai0Cj1WC9nu5823ZPU by neon@fedi.neon.moe
       2023-01-20T10:50:49.860174Z
       
       0 likes, 0 repeats
       
       @jpmens Good point! There might be a little more two-factoriness if they're behind different passwords on the same machine, but at least in the case of iPhones, there's Face ID that can get rid of that difference as well, hah.