Comment on Proton releases a new app for two-factor authentication
theherk@lemmy.world 3 weeks agoI don’t view it as simply compromised or not. How a password is compromised is relevant. The vast majority of issues aren’t somebody gaining access to your logged in machine. Passwords are nearly always compromised from a server mishandling data.
That means in most cases 2FA near a password is not likely to be an issue. I’m not saying I recommend it, but it does change the risk evaluation.
pulsewidth@lemmy.world 3 weeks ago
Peoples credentials are increasingly captured by information stealer malware, including attacks on Keepass. It’s not just services mishandling their data that people should consider as likely vectors.
I do agree about evaluation - it doesn’t matter much with stuff like a forum account that has 2FA, but I certainly wouldn’t put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It weakens your protection if something does go wrong.