I use 1password but opt out of this feature. Just as described in the article masterpassword creates a single source of failure so I don't personally want to put more eggs in that basket.
I keep my unimportant 2FA in 1Password and the really important one’s (e-mail, domains, etc) in a separate 2FA app.
If someone has pwned my 1Password I don’t really care if they log on to my Discord or order a limited amount of crap on Amazon because I am in much deeper shit at that point.
It depends on the set of credentials. Your primary email address, your access to 1Password, things of that nature can and should be stored in a 2FA app on another device. But the majority of 2FA codes for most websites are fine to be stored in your password manager. This way you can enable 2FA on every site you use, without the inconvenience, but you can reserve the extra security of a second device for services that would be critical failure points for you.
jorvi|2 years ago
If someone has pwned my 1Password I don’t really care if they log on to my Discord or order a limited amount of crap on Amazon because I am in much deeper shit at that point.
Encrypt-Keeper|2 years ago