2017-12-11 14:07 GMT+01:00 Antoine Pitrou <antoine@python.org>:
> If I have my 2FA key on a regular computer (the same that runs my password manager), is it still 2FA?
It's still more secure than password only. If your password is leaked by any means, the 2FA still keeps you safe.
From my point of view, the risk of password leak is much higher than a compromise of your machine to steal your 2FA key. Passwords are usually handled as text; you may paste one in the wrong field of a web form, pass it as clear text (HTTP) by mistake, etc. 2FA keys usually use OTP: leaking an OTP is not an issue, since it's invalidated as soon as you use it. The time window to hack your account is much shorter.
It's not only a matter of 1-factor vs 2-factor, it's also the design of OTP which is more secure than passwords.
It's always a matter of compromise between usability and security.
Victor