2017-12-11 14:07 GMT+01:00 Antoine Pitrou <anto...@python.org>:
> If I have my 2FA key on a regular computer (the same that runs my
> password manager), is it still 2FA?

It's still more secure than password only. If your password is leaked
by any means, the 2FA still keeps you safe.

From my point of view, the risk of password leak is much higher than a
compromise of your machine to steal your 2FA key. Passwords are
usually handled as text, you may paste it in the wrong field of a web
form, pass it as clear text (HTTP) by mistake, etc. 2FA keys usually
use OTP: leaking an OTP is not an issue, since it's invalidated as
soon as you use it. The time window to hack your account is much
shorter.

It's not only a matter of 1-factor vs 2-factor, it's also the design
of OTP which is more secure than passwords.

It's always a matter of compromise between usability and security.

Victor
_______________________________________________
python-committers mailing list
python-committers@python.org
https://mail.python.org/mailman/listinfo/python-committers
Code of Conduct: https://www.python.org/psf/codeofconduct/
