• RvTV95XBeo@sh.itjust.works
    5 months ago

    Worst thing? Someone with access to your password can now break into the associated account, and use that access to snoop or potentially permanently lock you out. E2EE data could be lost forever if they change the password and 2FA.

    More likely? Unless you reuse passwords, or the associated site has been recently compromised, pretty low odds of compromise. If you suspect your 2FA has leaked, just get a new secret, easy peasy. Most reputable sites should alert you to a login on a new device, potentially giving you time to react or alerting you to snooping.

    If your secret leaks without context on what site it’s associated with, then unless your name is Taylor Swift, odds of someone associating it to a site, let alone the matching password, are astronomical.