On 19/06/2026 17:51, Brandon Nielsen via devel wrote:
Can we please stop repeating speculation about if requiring a second factor does or does not increase security, or whether holding a second factor on the same device as the first is a true second factor. Let's not let perfect be the enemy of better.
It depends. If the attacker only has a leaked password, the second factor will keep the account secure, but if the attacker has access to the password database file and successfully decrypted it, the security will be compromised.
I completely agree that 2FA is better than nothing. Moreover, modern password managers, such as KeePassXC, allow you to enter the 2FA code directly in your web browser automatically.
-- Sincerely, Vitaly Zaitsev ([email protected]) -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
