this post was submitted on 08 Jul 2023
23 points (100.0% liked)

Apple

17451 readers
246 users here now

Welcome

to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!

Rules:
  1. No NSFW Content
  2. No Hate Speech or Personal Attacks
  3. No Ads / Spamming
    Self promotion is only allowed in the pinned monthly thread

Lemmy Code of Conduct

Communities of Interest:

Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple

Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode

Community banner courtesy of u/Antsomnia.

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago (3 children)

I feel like that defeats the purpose of 2fa.

[–] [email protected] 6 points 1 year ago

I agree for the most part but it doesn't entirely defeat the purpose. If someone got a hold of your password for a website it would still protect you. And let's be honest, that's the most likely scenario. But yes if someone got into your password manager then it's completely game over. A scenario where having a separate 2fa device would still protect you.

[–] [email protected] 2 points 1 year ago

It defeats the purpose in the scenario that your vault is stolen and decrypted. But it still protects you in the much more likely scenario that a data breach exposes your password somewhere else.

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago) (1 children)

It definitely defeats the purpose. If you store them together there’s only one factor!

Things you know, have, or are.

It just becomes two things you know.

[–] [email protected] 4 points 1 year ago (1 children)

Password managers do have two factors: the vault (have) and the master password (know).

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Those factors need to be separate to be factors.

[–] [email protected] 1 points 1 year ago

It depends on your password manager and sync method. With most if I take all your devices away from you, you can’t go to any public computer and access all your passwords using only what you know. You need to have one of your physical devices.