Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> The second factor does not have to be a second device. Like everything security, it’s what you’re protecting against.

It doesn't matter if you store your 2FA seed on a billboard or as a tattoo where the sun doesn't shine: 2FA means two factors. The definition doesn't change when your home setup's threat model doesn't call for 2FA and you thus decide to store two secrets in the same place (making a compromise of one necessarily a compromise of the other, thus 1FA)



> making a compromise of one necessarily a compromise of the other, thus 1FA

The only necessity is logical necessity, and it doesn't apply there.


You're saying you can store two pieces of information in one file, without a compromise of one implying a compromise of the other? Do elaborate


GP stated:

> The second factor does not have to be a second device.

Now, you are talking about two pieces of information in single file.


This is so wrong. You’re conflating where things are with what they are. Two factors does not mean two devices.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: