this post was submitted on 13 Mar 2026
798 points (98.0% liked)

Programmer Humor

30349 readers
1061 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
798
I love password based login (lemmy.world)
submitted 1 day ago by bdjegifjdvw@lemmy.world to c/programmer_humor@programming.dev
163 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] BCsven@lemmy.ca 2 points 7 hours ago (2 children)

Not if your TOTP codes are generated by another device, then the attacker needs your password, plus the device holding the key for TOTP. If you use it on your phone and authenticator is your phone then a theif has everything when they steal your phone.

Hardware key for TOTP is a better 2FA method as its totally separate from your PC or phone

[–] TheObviousSolution@lemmy.ca 1 points 5 hours ago (1 children)

If you can get at a password by hacking a website, I wouldn't be holding out hope that they couldn't then steal the TOTP secret.

[–] BCsven@lemmy.ca 1 points 5 hours ago

I mean yes everything is hackable. Thankfully the hardware key supports FIDO where there is a public / private pair with private locked on the hardware. Not enough services support this though.

So threat is being targeted and having somebody steal the hardware key.

[–] killingspark@feddit.org 1 points 5 hours ago

As long as the default recommendation is to use authenticator apps on your main device I'll see this as a "could be good if implemented correctly, which it isn't, so it isn't good"