Hacker News new | past | comments | ask | show | jobs | submit login

Only very marginally so. Or what would you say storing a (unique, long) password next to a TOTP hash actually achieves?



Well the totp (even in your passwd manager) defends against phishing I'd thought vs password alone.


For a "service based" password manager, sure. (It can prevent the service from ever handing over your encrypted database to an attacker.)

In a local password manager, it doesn't work like that. A challenge-response mechanism can help there, but the cost/benefit analysis looks pretty different there, IMO.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: