what is the worst thing can happen if you leak your 2FA/MFA secret? (lemm.ee)

submitted 3 months ago by humuhumu@lemm.ee to c/privacy@lemmy.ml

6 comments fedilink hide all child comments

all 8 comments

sorted by: hot top controversial new old

[-] Album@lemmy.ca 29 points 3 months ago

Your mfa is now mfa-1

[-] RvTV95XBeo@sh.itjust.works 8 points 3 months ago

Worst thing? Someone with access to your password can now break into the associated account, and use that access to snoop or potentially permanently lock you out. E2EE data could be lost forever if they change the password and 2FA.

More likely? Unless you reuse passwords, or the associated site has been recently compromised, pretty low odds of compromise. If you suspect your 2FA has leaked, just get a new secret, easy peasy. Most reputable sites should alert you to a login on a new device, potentially giving you time to react or alerting you of snooping.

If your secret leaks without context on what site it's associated with, then unless your name is Taylor Swift, odds of someone associating it to a site, let alone the matching password, are astronomical.

[-] gomp@lemmy.ml 5 points 3 months ago

Then your password (your other, "first" factor) is the only thing preventing an intruder impersonates you.

You'll still have to go through the hassle the now useless second factor puts you through, so you might as well update your second factor even if you trust your first to be very secure.

[-] possiblylinux127@lemmy.zip 2 points 3 months ago

Change it and be done

this post was submitted on 17 Jun 2024

36 points (100.0% liked)

Privacy

31279 readers

497 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS