Login with QR - a risk?
Hello,
I have a concern on the login with QR.
- I’ve read how it securely sends my secret key and master password
- and how I need to verify on the approver device
- but if someone had my password manager open or even forces me (say biometric unlock) to open then they could login on their device
- They would go their separate way with their device
- disconnect from the internet so my unlink or secret key change would make no difference
- and view away all my content.
given this is there a way I can turn that option off.
I haven’t tested yet but if 2FA is on does that still need to be entered? I guess that’s a potential solution.
