• lud@lemm.ee
    7 points · 5 months ago

    Don’t synced solutions completely defeat the purpose of MFA?

    • JasonDJ@lemmy.zip
      12 points · edited · 5 months ago

      Not if you protect the master key with MFA, like a yubikey. Then it’s cryptographically secure for quite a while… at least until quantum computing is affordable enough to be used against your data. Or the database and your yubikey and your passphrase are compromised.

    • snek_boi@lemmy.ml
      1 point · 5 months ago

      You’ve got a good point. I wonder if this is an example of a trade-off between convenience and security. If you’re logging in and you get an MFA prompt, a Yubikey has to be physically searched for, while Bitwarden or Proton Pass only have to be clicked. A Yubikey can only hold a limited number of accounts, while Bitwarden or Proton Pass could hold many more. Of course, a Yubikey could be used as MFA for Bitwarden or Proton Pass, but that would create a single point of failure and reduce factor separation (which I think is your original point).

      While I posted a Bitwarden or Proton Pass recommendation of sorts, I genuinely wonder if it’s advisable to not use MFA at all if the factors will not be separated. Or, perhaps, the best security solution is the one you’ll actually use. I guess the answer is the good ol’ “What’s your security model?”