In a few weeks I’ll do a workshop about security for people who are tech illiterate, I plan to teach about password managers and 2FA.

If I show the 2FA number codes, like the 123 456 ones that I have to paste when required, can that be a possible security breach for me? or is it save since is gonna change in a few seconds anyway?

  • nao@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    If you leak one of the 2FA codes, especially together with a timestamp, in theory it allows someone to brute force the seed, since they now have one known plaintext. If you leak multiple, it reduces the amount of time needed to do that.