31 Dec 2018, 09:44 AM   #17
ChinaLamb
Quote:
Originally Posted by gardenweed
Consider if you only ever use your FIDO U2F key, but for emergency recovery purposes have your phone or a TOTP registered.

If you never lose your key and only use that key, and you never use the TOTP or phone method, then are you safe from MITM attacks?
That is my understanding.

The issue would be whether your backup phone option could be hacked; Reddit was hacked with an SMS intercept. You want to think about social engineering of someone taking over your phone account. For some, this may be overkill, but for others of us, these are real issues to consider.