On Sat, May 14, 2022 at 03:05:11PM +1200, Ash Joubert wrote:
> On 14/05/2022 00:42, Michael Stone wrote:
> > On Fri, May 13, 2022 at 07:16:11AM +0200, tomas@tuxteam.de wrote:
> > > A loong password is not "equivalent" to 2FA, that's right. Good
> > > password management (of which length is but a part) is as secure
> > > as 2FA.
> >
> > No, it really isn't.
>
> A good password will not protect you from password reset via a weak channel
> such as email on an insecure server.
>
> 2FA will not protect you if the second factor is weak or resolves to the
> same device. Hint: if you store your password and TOTP key in the same
> manager then you have only one factor.

Not to speak of SIM spoofing or social engineering of your mobile phone
provider (yes, it has been observed in the wild). There goes your SMS
second factor.

Cheers
--
t