

Storing your 2FA TOTP tokens in your password manager has become a hotly debated topic. In a perfect world, you should NOT keep your 2FA tokens in your password manager. But we don’t live in that world, and the honest answer is a lot more nuanced. And for most people, keeping your 2FA tokens in your password manager is fine.

The "something you have" can be your phone. The most popular 2FA is the one you get by SMS. Another, more secure version is app-based, also called TOTP. When you set up TOTP 2FA, you scan a QR code using an app like Authy or Google Authenticator.

The app gets a shared secret out of the QR code and combines it with the current time to create a 6-digit code that changes every 30 seconds. Instead of storing the tokens in Authy or Google Authenticator, many password managers allow you to save them there and will generate the code too.

Why Storing 2FA Tokens In The Same Place As Your Passwords Is Bad?

The reason you have 2FA is for the case where your 1FA, your password, is already known. If you keep your passwords with your 2FA and an attacker gets to your passwords, they also have your 2FA, and the 2FA is not helpful anymore. If you boil it down to this simplest form, you would be correct not to store your 2FA in your password manager.

Why Storing 2FA Tokens In Your Password Manager Is Not That Bad?

There are 4 main reasons why storing your 2FA inside your password manager is fine. TOTP codes are based on time and change every 30 seconds, unlike your static password.
