Hacker News new | past | comments | ask | show | jobs | submit login

2FA is superfluous if you’re using high entropy passwords stored in a password manager that incorporates phishing protection mechanisms (e.g. refusing to fill / warning when domains do not match).



2FA is still useful if the password is leaked.


Not if the 2FA seed is leaked as well.


I don't use the deadbolt on my front door, I just close it.

If someone can open the handle they can kick down the door as well.


Until the password manager is hacked/leaked. See: lastpass breach.

Protecting the security of multiple devices is much easier than maintaining, rotating, and securing cryptographically secure passwords. Ideally, as with most things in security, do both. There’s no real reason to eschew 2FA other than “I hate typing in a code sometimes.”


> Until the password manager is hacked/leaked. See: lastpass breach.

Certainly. If we're considering password manager compromise, it's also reasonable to include compromises of all 2FA mechanisms. Users can often have 2FA creds phished just by calling them ("something is wrong with your account, please read the 2FA code to verify your identity"). Sure, you and I wouldn't fall for this, but there are plenty of retirees out there who have. At that point, neither 2FA nor password manager would save them. You could compromise the password manager by social engineering ("add evilsite.ru to the allowed sites") or even by supply chain attacks (create a build that permits evilsite.ru). Since supply chain attacks are a reasonable hack against password managers, the same could be said about 2FA apps.

Consequently, we don't get anywhere productive in this discussion by assuming software compromise into the threat model.


I don't really understand the point you're making. Certainly any method can be compromised - I'm not claiming that 2FA can't. In fact, the post you are responding to says ideally, do both. This is sort of why defense in depth is a concept. Even in your example, the 2FA compromise also involves first compromising the password/login credentials.


> In fact, the post you are responding to says ideally, do both

Right, I said that even if you do both, both can still be compromised simultaneously and independently. The discussion is more productive if we assume that the password manager can be made secure in the same way that 2FA can be made secure.

This returns to my original argument that “assuming a secure password manager with phishing protection, 2fa+password provides no more security than a high entropy password.” Before we go there, this also includes the unstated assumption that the website also leaks only useless information to an attacker (salted hashes that would require centuries to brute force).


Why even bother with passwords in the first place, they can just be social engineered or phished too!


> There’s no real reason to eschew 2FA other than “I hate typing in a code sometimes.”

Not even that is a good reason for someone who uses a password manager. Most of them today allow storing your 2FA key and auto-fill them.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: