2FA keys are easily stolen from a desktop with a password manager running in the... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

ihattendorf 10 months ago | parent | context | favorite | on: Emailing a one-time code is worse than passwords

2FA keys are easily stolen from a desktop with a password manager running in the background when running a malicious executable, vs. 2FA keys on a 2FA app on a phone and running a malicious app.

bccdee 10 months ago [–]

I don't know if this is true. A password manager should encrypt its data at rest, and exfiltrating a key from another process's memory space is non-trivial. At the very least, you'd need a privilege escalation trick.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact