On 2026/02/14 17:13, [email protected] wrote: > Without looking at the code, the actual risks seem (imo) low, but I > don't know your threat model.
if some random process run by your uid is not allowed to read the password without confirmation, it should not be able to read an otp key either. (*possibly* an otp calculated value might be ok, but the key is *at least* as sensitive as a password, probably more so).
