
Show HN: Twothy: 2FA Authenticator for CLI. Compatible with Google Authenticator - vedhavyas
https://github.com/vedhavyas/twothy
======
based2
[https://www.reddit.com/r/programming/comments/7q2ok2/twothy_...](https://www.reddit.com/r/programming/comments/7q2ok2/twothy_a_twofactor_authenticator_for_cli/)

------
akerl_
Can you elaborate on the threat model here? Having the second factor be stored
on the same device you're entering your password on, protected by a password
(another example of something-you-know), seems to counteract most of the
benefits of having TOTP.

~~~
stephenr
I think its largely about protection from remote attacks.

Its a kind of "only allow logins from this device". This doesnt solve all
problems definitely, but for some of us there is zero practical danger from
our location and much higher danger from geographically remote locations

