> Except in practice you have both factors on the phone
What do you mean by this? I'm not doubting you, but I'm still a bit confused -- currently taking a Security course, so I'm a newbie in the field.
Do you mean that if the phone is compromised (and you don't know it's compromised) that once you input your password (the "what you know") the system is broken? Certainly, I can see that.
I may still be misunderstanding, but if you don't store your password(s) on your phone, then does it prevent this attack?