this post was submitted on 05 Jun 2024
44 points (76.8% liked)
Open Source
31060 readers
590 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Your two factors shift to possession of your password vault + knowledge of the password to it. You're okay IMO.
You also still get the anti-replay benefits of the OTPs, though that might be a bit moot with TLS everywhere.
You're right, I should have been more specific.
If you're already storing your password using
pass
, you aren't getting 3 factors withpass-otp
unless you store the otp generation into a separate store.For services like GitHub that mandate using an otp, it's convenient without being an effective loss of 2fa to store everything together.