undefined | Better HN

0 pointshedora3y ago0 comments

Username and password:

Factor #1 - Thing you have: encrypted password vault.

Factor #2 - Thing you know: password to said vault.

Of course, this is only 2FA from the user's perspective. Meddling websites cannot ensure that you didn't memorize their password, or write it down unencrypted.

0 comments

2 comments · 1 top-level

thealchemistdev3y ago· 1 in thread

Multifactor authentication is a combination of 2 or more of the following factors.

- Something you know: password.

- Something you have: your phone or a physical key.

- Something you are: Biometrics (finger-print, eye pattern, gait of your walk, etc.)

Using 2 passwords, such as the case of knowing the password to your vault of passwords, is only 1 factor.

alexchamberlain3y ago

I think the GP was implying that the vault would store a random string, which would be unreasonable for anyone to possibly guess. This isn't either of the factors - just a proof you had both of them.

The 2 factors are then the vault itself and the vaults password.

It should be noted, though, this is significantly weaker than "real" 2FA, as normally that would involve some sort of challenge, rather than just storing a hard secret.

j / k navigate · click thread line to collapse