I store my mechanically generated passwords in 1Password. And I do not use the password in any way.

In such a case, does it make sense to activate TOTP? In my immature opinion, TOTP is only effective if you are using the same password for multiple websites. If this is incorrect, could you please tell me when TOTP would be useful?

  • bamboo@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    1
    ·
    21 days ago

    In general TOTP is recommended when offered. Aside from what other people are bringing up about added security when using password authentication, many sites use TOTP in the account recovery process when a password is forgotten. This is an old example, but in this case, attackers were able to do a forgot password for Gmail which sent a recovery email to an Apple email address, which the attackers were able to access. Had Mat been using MFA for Gmail, the attackers would have been prompted to provide an MFA code before the recovery email would be sent, thwarting the attack.