undefined | Better HN

0 pointsAachen1y ago0 comments

See also the considerations mentioned in the sibling thread btw: https://news.ycombinator.com/item?id=41793846

> even if they got your password, if they don't have access to your password manager they can't login.

Wouldn't the same argument go for a non-2fa password? What's the difference between a randomly generated 2fa secret and a randomly generated password here?

0 comments

account421y ago

An eavesdropper able to intercept connections could record your password in transit but would only get the current 2FA token which quickly becomes useless. But with TLS eavesdroppers are not a realistic concern for most people so the actual benefit is still questionable.

j / k navigate · click thread line to collapse

0 pointsAachen1y ago0 comments

See also the considerations mentioned in the sibling thread btw: https://news.ycombinator.com/item?id=41793846

> even if they got your password, if they don't have access to your password manager they can't login.

Wouldn't the same argument go for a non-2fa password? What's the difference between a randomly generated 2fa secret and a randomly generated password here?

0 comments

account421y ago

j / k navigate · click thread line to collapse