Hacker News

> Having a separate identity factor, something that I own, is not to save me from myself. It's to save me if someone steals my phone or laptop and is able to get into it.

What if that second factor is physical and stolen along with the things it was supposed to protect? What if your biometrics are cloned in some way?

Having TOTP synchronized across devices, but protected by passwords, mitigates those risks as well as the risk that you lock yourself out by loss of a physical token.


