
The second factor does not have to be a second device. Like everything security, it’s what you’re protecting against. Shoulder surfing and device theft are not something I worry about in my home setup, for example.


> The second factor does not have to be a second device. Like everything security, it’s what you’re protecting against.

It doesn't matter if you store your 2FA seed on a billboard or as a tattoo where the sun doesn't shine: 2FA means two factors. The definition doesn't change when your home setup's threat model doesn't call for 2FA and you thus decide to store two secrets in the same place (making a compromise of one necessarily a compromise of the other, thus 1FA).


> making a compromise of one necessarily a compromise of the other, thus 1FA

The only necessity is logical necessity, and it doesn't apply there.


You're saying you can store two pieces of information in one file, without a compromise of one implying a compromise of the other? Do elaborate


GP stated:

> The second factor does not have to be a second device.

Now, you are talking about two pieces of information in single file.


This is so wrong. You’re conflating where things are with what they are. Two factors does not mean two devices.


Yes, it depends on your threat model. But being defeated by one simple keylogger isn’t a risk I’m willing to take even at home.


And yes, 2FA single use codes will protect against a simple keylogger.

But if it's on the same device, it will not protect you against a password database harvester.
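
The distinction drawn in the last two comments, as an added example that is not part of the thread: an RFC 6238 TOTP check in which a code that was typed once is rejected on replay, while a code computed from a copied seed is accepted. The `Verifier` class, its single-step acceptance window and the seed (the RFC 6238 test seed) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(seed: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(seed, unix_time // step)

class Verifier:
    """Hypothetical server: current time step only, each step accepted once."""
    def __init__(self, seed: bytes, step: int = 30):
        self.seed, self.step, self.last_used = seed, step, -1

    def check(self, code: str, now: int) -> bool:
        counter = now // self.step
        if counter <= self.last_used:
            return False  # this step's code was already consumed
        if hmac.compare_digest(code, hotp(self.seed, counter)):
            self.last_used = counter
            return True
        return False

def scenario() -> dict:
    seed = b"12345678901234567890"  # constructed: the RFC 6238 test seed
    server = Verifier(seed)
    t0, t1 = 1111111109, 1111111111  # two adjacent 30 s steps
    typed = totp(seed, t0)           # what a keylogger would record
    return {
        "typed_code": typed,
        "login": server.check(typed, t0),
        "replay_same_step": server.check(typed, t0),
        "replay_next_step": server.check(typed, t1),
        # Seed read from the same store as the password: fresh valid code.
        "code_from_copied_seed": server.check(totp(seed, t1), t1),
    }

if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

Many real verifiers also accept the adjacent time step to tolerate clock drift, which widens the replay window unless used codes are tracked as they are here.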



