quchen parent
The second factor does not have to be a second device. Like everything security, it’s what you’re protecting against. Shoulder surfing and device theft are not something I worry about in my home setup, for example.
> The second factor does not have to be a second device. Like everything security, it’s what you’re protecting against.
It doesn't matter if you store your 2FA seed on a billboard or as a tattoo where the sun doesn't shine: 2FA means two factors. The definition doesn't change when your home setup's threat model doesn't call for 2FA and you thus decide to store two secrets in the same place (making a compromise of one necessarily a compromise of the other, thus 1FA)
> making a compromise of one necessarily a compromise of the other, thus 1FA
The only necessity is logical necessity, and it doesn't apply there.
You're saying you can store two pieces of information in one file, without a compromise of one implying a compromise of the other? Do elaborate
GP stated:
> The second factor does not have to be a second device.
Now, you are talking about two pieces of information in single file.
This is so wrong. You’re conflating where things are with what they are. Two factors does not mean two devices.
Yes it depends on your treat model. But being defeated by one simple keylogger isn’t a risk I’m willing to take even at home.
And yes, 2FA single use codes will protect against a simple keylogger.
But if its on the same device, it will not protect you against a password database harvester.