Viewing a single comment thread. View all comments

guatemaleco t1_j84e7xv wrote

16 characters seems low unless it’s a randomly generated password. PBKDF2 iterations would also matter a lot here. The most determining factor is probably how likely of a target are you? Are you likely worth the compute time?

1

[deleted] t1_j84lawy wrote

[deleted]

0

belteshazzar_der t1_j85klag wrote

This is incorrect. They stole the password vaults themselves, so if they crack your master password they'll get access to all of your passwords. Doesn't matter if you have 2FA on. This is one of the main reasons why this breach was so bad.

10

guatemaleco t1_j8gt399 wrote

Yea, 2FA is not used in encryption at all. It's only part of authentication to retrieve the encrypted vault. Since the vaults were already stolen, 2FA is meaningless here.

1