this post was submitted on 13 Mar 2026

[–] Coleslaw4145@lemmy.world 1 points 6 hours ago* (last edited 6 hours ago) (2 children)

But if a password manager is compromised then doesn't the attacker also get the TOTP key which is what generates the codes in the first place?

It wouldn't matter if it expires in one minute because they'll have the token to generate the next code, as well as now knowing the password.

[–] JcbAzPx@lemmy.world 1 points 2 hours ago

That depends on the manager. Good ones won't have access to your stuff outside of an encrypted blob. Still, it's generally better to use a separate authenticator.

[–] Fiery@lemmy.dbzer0.com 7 points 5 hours ago (1 children)

That makes it a single point of failure, yes, and the rest of the comment you're replying to goes into detail on what it does protect from even if both passwd and TOTP are in the password manager.

[–] Coleslaw4145@lemmy.world 3 points 5 hours ago

Sorry, I misunderstood what you were saying. I thought you were saying that if the password manager was compromised then the attackers would have only 1 minute to make use of the tokens before they change.
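
The distinction the thread arrives at, as an added example that is not part of any comment above: a single observed code stops verifying once its time step passes, while whoever holds the TOTP secret can compute the code for any later time. It implements RFC 6238 with HMAC-SHA1; the secret is the RFC's published test value, and the 30-second step, the one-step drift allowance and the function names are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

# Constructed sample: the shared secret from the RFC 6238 test vectors, not a real seed.
SECRET = b"12345678901234567890"
STEP = 30  # seconds per code; the RFC 6238 default, assumed here


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = STEP) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP computed over the time-step counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, now: int, drift_steps: int = 1) -> bool:
    """Server-side check: accept codes from the current step +/- drift_steps."""
    return any(
        hmac.compare_digest(code, totp(secret, now + d * STEP))
        for d in range(-drift_steps, drift_steps + 1)
    )


def compare_leaks(t_leak: int, t_later: int) -> dict:
    """Contrast exposure of one code with exposure of the secret, checked at t_later."""
    observed_code = totp(SECRET, t_leak)   # all that one exposed code reveals
    fresh_code = totp(SECRET, t_later)     # computable only with the secret itself
    return {
        "observed_code_valid_later": verify(SECRET, observed_code, t_later),
        "secret_holder_code_valid_later": verify(SECRET, fresh_code, t_later),
    }


if __name__ == "__main__":
    # Timestamps taken from the RFC 6238 test vector table.
    print(compare_leaks(t_leak=59, t_later=1111111111))
```

This is why the vault's encryption and a separately stored authenticator matter more than the code lifetime: the lifetime only bounds the reuse of a code, not of the secret that produces it.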