On 19/06/2026 17:51, Brandon Nielsen via devel wrote:
Can we please stop repeating speculation about if requiring a second factor does or does not increase security, or whether holding a second factor on the same device as the first is a true second factor. Let's not let perfect be the enemy of better.

It depends. If the attacker only has a leaked password, the second factor will keep the account secure, but if the attacker has access to the password database file and successfully decrypted it, the security will be compromised.

I completely agree that 2FA is better than nothing. Moreover, modern password managers, such as KeePassXC, allow you to enter the 2FA code directly in your web browser automatically.

--
Sincerely,
  Vitaly Zaitsev ([email protected])
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to