undefined | Better HN

0 pointsmdaniel3y ago0 comments

Just for your consideration, I'd bet good money that the 2FA only protects against login credential stuffing, but the vault data is only protected by your master password and can be attacked offline and indefinitely

0 comments

Sakos3y ago

I mean the individual accounts are protected by 2fa. I have an account or two where I know the password has been leaked but they're so unimportant that I can't be bothered to change the passwords. They still can't get in without my approval.

scarab923y ago

A lot of sites don’t limit total 2FA attempts, so a determined actor could still get in eventually.

Sakos3y ago

How difficult is it to brute force 2FA?

j / k navigate · click thread line to collapse

0 comments

Sakos3y ago

scarab923y ago

A lot of sites don’t limit total 2FA attempts, so a determined actor could still get in eventually.

Sakos3y ago

How difficult is it to brute force 2FA?

j / k navigate · click thread line to collapse