Re 1: If a.com is hacked, only a.com's OTP seeds are compromised. b.com should (... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		arnarbi on Oct 12, 2014 \| parent \| context \| favorite \| on: Password Security: Why the horse battery staple is... Re 1: If a.com is hacked, only a.com's OTP seeds are compromised. b.com should (hopefully) use different seeds, so 2FA still prevents someone from logging in.

MarkMc on Oct 13, 2014 [–]

Yes you are right - I was thinking about the case where only a.com uses 2FA, not b.com

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact