Joe Brockmeier (@jzb)Sep 23, 2024

Authenticating to a website, 2010: Type in username and password

Authenticating to a website, 2024:
- Type in username
- Look up 20-character password in password keeper
- wait
- Prompt for 2FA token
- Dig out phone
- Unlock phone
- Scroll through 50 services to find 2FA token for website
- Type in 2FA token
- Success
- Receive email alerting you to the fact you've logged in
- Six weeks later: receive email telling you service had been compromised eight weeks ago and you must change password.

Show threadalexSep 24, 2024
@jzb bitwarden skips the totp steps tho. it copies the token after filling the password
Show threadJima Sep 24, 2024

@graphite @jzb I don't trust my password manager with my TOTP codes, and vice-versa.

(I may have trust issues. 👀)

Edit: ...is it really "multi-factor authentication" if all of the factors are stored in the same app? 🤔

Show threadBennett
@jima @graphite @jzb is it multifactor authentication if all the factors are stored in one app that also requires MFA? 
Sep 25, 2024 at 4:01amWeb