Hacker News new | past | comments | ask | show | jobs | submit login

Yes, if the attack vector you're trying to close is a compromised keyboard/network/terminal and not a stolen-while-unlocked device.

"Catching" one 2FA code doesn't let you compromise someone's account.

Losing (or having compromised) the hardware running your password manager while that password manager is unlocked is a totally different thing from logging into a web site once from a library computer.




> Yes, if the attack vector you're trying to close is a compromised keyboard/network/terminal and not a stolen-while-unlocked device.

however, not having the TOTP key in your password manager would also protect against malware on your machine running the password manager from gaining access to your account.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: