Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
I see. IIRC from school, “factor” actually has a definition - it’s either something you have (keycard, phone), something you are (biometrics) or something you know (password).
For authentication to be truly an effective MFA, it would have to require at least two of those factors. And that’s also why I.e email isn’t really a MFA.
So, I guess it boils down to where are you storing your passwords. If they are also in the password manager, then, its only 1FA, because knowing your password manager password is enough to defeat it. (Or, if someone finds a zeroday in the pass manager).
I see. IIRC from school, “factor” actually has a definition - it’s either something you have (keycard, phone), something you are (biometrics) or something you know (password).
For authentication to be truly an effective MFA, it would have to require at least two of those factors. And that’s also why I.e email isn’t really a MFA.
So, I guess it boils down to where are you storing your passwords. If they are also in the password manager, then, its only 1FA, because knowing your password manager password is enough to defeat it. (Or, if someone finds a zeroday in the pass manager).