2017-12-11 14:07 GMT+01:00 Antoine Pitrou <anto...@python.org>: > If I have my 2FA key on a regular computer (the same that runs my > password manager), is it still 2FA?
It's still more secure than password only. If your password is leaked by any mean, the 2FA still keeps you safe. >From my point of view, the risk of password leak is much higher than a compromise of your machine to steal your 2FA key. Passwords are usually handled as text, you may paste it in the wrong field of a web form, pass it as clear text (HTTP) by mistake, etc. 2FA key usually use OTP: leaking an OTP is not an issue, since it's invalidated as soon as you use it. The time window to hack your account is much shorter. It's not only a matter of 1-factor vs 2-factor, it's also the design of OTP which is more secure than passwords. It's always a matter of compromise between usability vs security. Victor _______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/