I store my mechanically generated passwords in 1Password. And I do not use the password in any way.
In such a case, does it make sense to activate TOTP? In my immature opinion, TOTP is only effective if you are using the same password for multiple websites. If this is incorrect, could you please tell me when TOTP would be useful?
And I do not use the password in any way
Sorry, what?
TOTP is only effective if you are using the same password for multiple websites.
Whether it’s the same password you use for everything, or a different password for each individual service, a time-based one-time password will increase security by requiring a potential hacker to have access to your device or some well-kept secrets in addition to your password. Lacking TOTP, you reduce the number of hurdles required to get into your account.
TOTP is used to increase security by requiring potential attackers to both know your password and have your token-generating device, usually your phone. It is useful even if you have unique passwords because the attacker needs access to both your password management solution and to your token-generating device to gain access. In my opinion, it’s worth setting up TOTP on all accounts that you care about.
There are 2 benefits of using TOTP here:
If an attacker gains access to your password, maybe through a keylogger or browser extension, the TOTP code will expire after a minute, and the attacker won’t be able to log in later.
Using 2-factor authentication (in general) allows you to keep your login information on 2 separate devices, such as using your computer to store passwords, and your phone to generate TOTP codes. Most people (me included) will probably use 1 device for both though.