this post was submitted on 23 Sep 2023
831 points (98.6% liked)

Programmer Humor

[–] infinitevalence@discuss.online 155 points 9 months ago (28 children)

No, and stop using SMS; it's not secure.

[–] andreluis034@lm.put.tf 19 points 9 months ago (13 children)

Although it's true that you are increasing the attack surface when compared to locally stored OTP keys, in the context of OTPs, it doesn't matter. It still is doing its job as the second factor of authentication. The password is something you know, and the OTP is something you have (your phone/SIM card).

I would argue it is much worse what 1Password and Bitwarden (and maybe others?) allow the users to do, which is to have both the password and the OTP generator inside the same vault. For all intents and purposes this becomes a single factor as both are now something you know (the password to your vault).

[–] Moosemouse@lemmy.sdf.org 3 points 9 months ago

This is why we require second factor on the password manager too, otherwise you’re exactly right.
