On Sat, May 14, 2022 at 02:40:53PM +1200, Ash Joubert wrote:
> On 13/05/2022 12:23, Nicholas Geovanis wrote:
> > That's the value added in exchange for Ash's "massive pain in the arse".
> > Just making the 1st factor be
> > a loong password is not equivalent to 2FA in any way. Machine reaching back
> > to you is the difference.
>
> There are attacks that 2FA can defeat, especially things like password reset
> via compromised email server, but in general, two weak factors are not a
> match for a strong unique random password [...]

[strong, unique, random]

That's it. The unique part can't be stressed enough: if you have
umpteen services out there, it's a matter of time until one of
those passwords leaks (incompetent service provider, phishing, etc.).
It better be different from your other passwords.

To minimise stress, I let a tool generate my passwords (pwgen).
Important ones are 16 char (disk & backup encryption, bank account
key armor, etc.), less important ones (e.g. local login) just 8.

Cheers
--
t