Is this some sort of a convenience feature hidden behind a paywall to justify purchasing their subscriptions or does generating the codes actually cost money? If the latter is the case, how do applications like Aegis do it free of cost?

  • darcy
    link
    fedilink
    181 year ago

    its best to keep passwords and totp separate

    • @[email protected]
      link
      fedilink
      2
      edit-2
      1 year ago

      Not sure I agree.

      Yes, your password manager is a single point of failure this way. But I would argue any non-SMS based TOTP is better than none, so if a higher percentage of people use it the easy way instead of not at all I consider that a win.

      After all, you would still not only need the password but also access to the manager which technically is more than one factor.

    • 7heo
      link
      fedilink
      2
      edit-2
      1 year ago

      Naaah, in “Multiple factor Authentication”, the word “factor” is just to look cool… The original MfA meant “Multiple fields Authentication”. (I’ll see myself out)

      • darcy
        link
        fedilink
        21 year ago

        i dont think i know what youre talking about?.. but factor refers to one of three types: something you know (passwords), have (totp or yubikey), or are (biometrics). having 2 passwords is almost the same as having one password, since they are the same factor. thats why having totp linked to your password manager is basically like having 2 passwords. it almost defeats the point

        • 7heo
          link
          fedilink
          21 year ago

          I made a joke, basically saying that if you use a single device, it’s “Multiple fields authentication” as opposed to “multiple factors authentication”.