Security of KeePass and Yubikey OATH-HOTP
How secure is KeePass in addition with a Yubikey with OATH-HOTP?
I read in Yubikey with KeePass using challenge-response vs OATH-HOTP that with OATH-HOTP there isn´t added a real second factor.
But what I don´t understand is that without the plugin and only with the master password I can´t open the database. The only way I see is to open the database with the “recovery” key.
So I think with OATH-HOTP you can use longer password (master password + OTPs) because you have to memorize a shorter master password. Thereby the security is increased if you use a long “recovery” key for OATH-HOTP.
Is that right?