Where to store OTP tokens - eviltoast

Is it safe to store OTP tokens on the same device? Even if app is encrypted and locked with passcode?

  • Extras@lemmy.today
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Honestly a big debate, so it really depends on your threat model. Lots of people even keep their totp seeds within their password manager which basically defeats 2fa imo, but it’s highly convenient. Personally I keep my totp seeds seperated in a sandboxed user profile.

    • MangoPenguin@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      1 year ago

      It only defeats 2FA from a standpoint of someone gaining access your PW manager. But for everything else like a service getting hacked and leaking your passwords for it, the 2FA will still do its job fine.

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I store my totp seeds in a separate, rarely used password manager, which then follows me on an “emergency USB” - hopefully something I won’t need to use at all