
Unless the page gives you a captcha before the TOTP, which it definitely should.


None of my bank accounts use a login captcha. Presumably they mitigate brute-forcing using lockouts or similar. Even if they use captchas, captcha-solving services exist that solve for less than a cent per solve. It's not a huge barrier.


Modern captchas only deter humans; bots will pass right through.



