

She has set up an app on her laptop that just constantly displays the current TOTP code. It’s sitting there ticking away all the time her laptop is running.

Recently Molly (my other dog) was at the Barkville Airport. When she connected to Wifi, she saw several open wifi IDs. One was BVT-access, and the other one was “Airport Free Wifi”.

As it turned out, BVT-access was the legitimate one, but she connected to Airport Free Wifi. Airport Free Wifi was actually a laptop operated by Mr Talk, our neighbor’s cat. Mr Talk is using SSL-strip on his rogue wifi hotspot.

If Molly isn’t paying close attention to the HTTPS status of her browser’s connection, she can send things unencrypted over Mr Talk’s network while thinking it is a secure connection. I should probably point out that Molly lacks the discipline to pay close attention to anything other than a squirrel or rabbit. This way, Mr Talk can capture Molly’s passwords in transit to the servers and save them for later use. That is one of several ways that passwords can be captured in transit. The point of one-time passwords is that they are not reusable even if they are captured in transit.
