RmDebArc_5@piefed.zip to Technology@lemmy.worldEnglish · 8 months agoProton releases a new app for two-factor authenticationtechcrunch.comexternal-linkmessage-square95linkfedilinkarrow-up1269arrow-down115file-textcross-posted to: buyeuropean@feddit.ukprotonprivacy@lemmy.world
arrow-up1254arrow-down1external-linkProton releases a new app for two-factor authenticationtechcrunch.comRmDebArc_5@piefed.zip to Technology@lemmy.worldEnglish · 8 months agomessage-square95linkfedilinkfile-textcross-posted to: buyeuropean@feddit.ukprotonprivacy@lemmy.world
minus-squareartyom@piefed.sociallinkfedilinkEnglisharrow-up10arrow-down1·8 months agoCorrect. However it’s worth noting that passwords are almost always compromised server-side. So 2FA is far more a mitigation of data breaches from the provider, rather than your password manager being breached.
minus-squarepulsewidth@lemmy.worldlinkfedilinkEnglisharrow-up3·8 months agoFeels like everyone has forgotten when LastPass was breached, and that was barely three years ago. Any affected LastPass users storing their 2FA backup codes in with the rest of their login data got a rude awakening. Anyone who had them separate was at least able to rescue those accounts. But hey do what you like people, I know convenience usually trumps security.
minus-squareartyom@piefed.sociallinkfedilinkEnglisharrow-up1·8 months agoAs far as I know, passwords and TOTP keys were never leaked by LastPass. Regardless, I did say almost always.
Correct. However it’s worth noting that passwords are almost always compromised server-side. So 2FA is far more a mitigation of data breaches from the provider, rather than your password manager being breached.
Feels like everyone has forgotten when LastPass was breached, and that was barely three years ago.
Any affected LastPass users storing their 2FA backup codes in with the rest of their login data got a rude awakening.
Anyone who had them separate was at least able to rescue those accounts. But hey do what you like people, I know convenience usually trumps security.
As far as I know, passwords and TOTP keys were never leaked by LastPass. Regardless, I did say almost always.