I was always annoyed with MFA because i didnt like needing multiple devices or applications just to log into one shitty website. Now i have my TOTP stuff stored in keepassxc so it just autofills with zero hassle :)
Its not very “multi” anymore, so its a bit less secure but much easier to use.
I suppose that you could have a separate database for your TOTP secrets, but I think that the autofill already helps with spotting phishing, which I believe is a good trade. If my autofill doesn’t work all of a sudden, I might check the domain name again.
Realistically speaking, MFA most importantly is to get away from the “something you know” factor since that is generally more vulnerable. Even if it is a single factor, it’s a better factor.
Also enables people to meaningfully have multiple factors if they choose. The password managers generally require a master passphrase and/or unlocking through something like “Windows Hello”
Yeah basically, but MFA is honestly not that needed if you use a password manager, secure passwords and URL based autofill. MFA was invented to protect plebs that use bad passwords and easily fall for phishing sites.
Yeah but in that sense my method still fulfills that requirement. They would need to actually get access to my locally stored kdbx file and my master key. If they get that then everything is fucked anyways.
I was always annoyed with MFA because i didnt like needing multiple devices or applications just to log into one shitty website. Now i have my TOTP stuff stored in keepassxc so it just autofills with zero hassle :)
Its not very “multi” anymore, so its a bit less secure but much easier to use.
I suppose that you could have a separate database for your TOTP secrets, but I think that the autofill already helps with spotting phishing, which I believe is a good trade. If my autofill doesn’t work all of a sudden, I might check the domain name again.
Isn’t that effectively back to single factor?
Realistically speaking, MFA most importantly is to get away from the “something you know” factor since that is generally more vulnerable. Even if it is a single factor, it’s a better factor.
Also enables people to meaningfully have multiple factors if they choose. The password managers generally require a master passphrase and/or unlocking through something like “Windows Hello”
Yeah basically, but MFA is honestly not that needed if you use a password manager, secure passwords and URL based autofill. MFA was invented to protect plebs that use bad passwords and easily fall for phishing sites.
It’s still good practice even if your password is secure. That way bad actors would still need your MFA code if your data ever gets leaked or stolen.
Yeah but in that sense my method still fulfills that requirement. They would need to actually get access to my locally stored kdbx file and my master key. If they get that then everything is fucked anyways.