
I disagree that storing these separately is “the whole point of MFA”. Passwords can be hacked in a number of places, not just client side or in the password manager, so TOTP mitigates MITM-style attacks where the password is known by an attacker but it was not gained from the password manager or the site. I certainly get that separating them would be theoretically better, but with TOTP in my password manager I end up using TOTP everywhere.


Good point. I'd agree that totp on phone > totp in pw manager > no totp, so using it in some capacity is definitely better than not using it at all.



