Ask HN: As a result of 2fa, can I now use easier passwords?

4 points

14 years ago

I have various web accounts which like many, I don't want to see compromised. To to try and ensure this, I have been using 1Password on my Mac/PC/Mobile devices which not only generates unmemorable passwords but keeps them on hand too.

This worked for everything except Gmail which I need quicker access to and as a result, Gmail had a "weaker" password for sometime. About 18 months ago, I enabled 2fa for my Gmail account as I had come to much the same conclusion as Geoff Atwood did here: http://www.codinghorror.com/blog/2012/04/make-your-email-hacker-proof.html

Given Gmail is what I use to sign up to pretty much everything, it made sense to make sure it was as secure as possible which obviously a weaker password was not going to help with. However, with 2fa, I feel relatively secure given my weaker password is no longer the only way in.

In recent times, many of the tools I use regularly have implemented 2fa - Dropbox, Cloudflare (Today- prompted this thinking), WordPress, my Microsoft account and others that don't come to mind given they rely on my mobile (cell) number which means I don't remember them.

As a result of this, my question is simply can I now use a more memorable password for my account? Or is 2fa giving me a false sense of security?

1 comment