If I compromise your computer, I still get both the password and the TOTP secret just from a simple keylogger. Not safe.
If you don't want to use your phone, just get a hardware token of some sort (Yubikey or similar). ~reed On Fri, Dec 30, 2016 at 3:31 PM Bertrand Jacquin <[email protected]> wrote: > Well, they don't have to be stored on the password store directory nor > > encrypted using the same GPG key. > > > > On 30/12/2016 23:28, Reed Loden wrote: > > > How is that 2FA if both factors are stored on the same media? Seems > > > quite insecure to me. > > > > > > ~reed > > > > > > On Fri, Dec 30, 2016 at 3:16 PM Bertrand Jacquin > > > <[email protected]> wrote: > > > > > >> Hi, > > >> > > >> Thanks to everyone involve in this really nice password tool you've > > >> > > >> made, this is something I'm using every day and really enjoy using > > >> it. > > >> > > >> Have you ever considered adding an option to handle TOTP, meaning > > >> that the > > >> > > >> seed could be stored in a gpg file and pass could provide an easy > > >> way to get > > >> > > >> current OTP by using oathtool. For example: > > >> > > >> $ oathtool -v --base32 --totp XXX > > >> > > >> Hex secret: YYY > > >> > > >> Base32 secret: XXX > > >> > > >> Digits: 6 > > >> > > >> Window size: 0 > > >> > > >> Step size (seconds): 30 > > >> > > >> Start time: 1970-01-01 00:00:00 UTC (0) > > >> > > >> Current time: 2016-12-18 17:42:53 UTC (1482082973) > > >> > > >> Counter: 0x2F1D38D (49402765) > > >> > > >> 799465 > > >> > > >> Thanks you be really handle for me to just run: > > >> > > >> $ pass show -c --totp Web/gandi.net [1] > > >> > > >> And being able to paste when Gandi ask for it. > > >> > > >> Cheers > > >> > > >> -- > > >> > > >> Bertrand > > >> > > >> _______________________________________________ > > >> > > >> Password-Store mailing list > > >> > > >> [email protected] > > >> > > >> https://lists.zx2c4.com/mailman/listinfo/password-store > > > > > > > > > Links: > > > ------ > > > [1] http://gandi.net > > > > -- > > Bertrand > >
_______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
