Ask HN: If a password manager stores your 2FA token is it still 2FA?

5 pointsby nathan_phoenixalmost 2 years ago

3 comments

spansoaalmost 2 years ago

It's redundant having the two together. I suppose it still has the nicety of 'unphishable logins'. Personally though, I have a separate KeepassXC DB with all my 2FA stuff there. I use the Raivo OTP[0] app for TOTP. I would only open my 2FA DB when trying to recover from a lost/damaged/stolen device with my Raivo OTP creds in it.<p>[0] <a href="https://raivo-otp.com/" rel="nofollow noreferrer">https://raivo-otp.com/</a>

tiernanoalmost 2 years ago

I suppose it depends on how secure the password manager is and how much security is built into it. I am using 1Password for most of my 2fa stuff (bar my personal and work office 365, plus Authy for some backup 2fa codes and stuff that won't export). Everything in 1pass is secured using my yubikey.

评论 #36933025 未加载

wasabinatoralmost 2 years ago

It is if your password manager is offline and not synced to the cloud imho. I use the commandline password store for this reason.