1257

I love password based login (lemmy.world)

submitted 1 day ago by bdjegifjdvw@lemmy.world to c/programmer_humor@programming.dev

181 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Coleslaw4145@lemmy.world 1 points 19 hours ago* (last edited 19 hours ago)

But if a password manager is compromised then doesn't the attacker also get the TOTP key which is what generates the codes in the first place?

It wouldn't matter if it expires in one minute because they'll have the token to generate the next code, as well as now knowing the password.

[-] Fiery@lemmy.dbzer0.com 8 points 19 hours ago

That makes it a single point of failure yes, and the rest of the comment you're replying to goes into detail on what it does protect from even if both passwd and TOTP are in the password manager

[-] Coleslaw4145@lemmy.world 3 points 18 hours ago

Sorry i misunderstood what you were saying. I thought you were saying that if the password manager was compromised then the attackers would have only 1 minute to make use of the tokens before they change.

[-] JcbAzPx@lemmy.world 1 points 15 hours ago

That depends on the manager. Good ones won't have access to your stuff outside of an encrypted blob. Still, it's generally better to use a separate authenticator.

this post was submitted on 13 Mar 2026

1257 points (98.2% liked)

Programmer Humor

30365 readers

1126 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev