top | item 43976716

bouncing | 9 months ago

The problem with the suggestions here is that they put all your eggs in the same basket. 1Password TOTP? If both your password and the TOTP are in your password manager, you arguably really just have a single factor, delegated to a third party (your password manager). Passkeys? Same problem. Storing your recovery keys in your password manager? You again just have 1 factor.

SMS is bad and should go away, but it isn't so clear what the replacement needs to be for most people.

Hackbraten | 9 months ago

If you use a password manager, you might not be part of the target group that benefits most from a second factor.

A decent password manager nudges you into using unique passwords per service. Good password managers also offer you a browser extension, which injects the password directly into the DOM instead of using the clipboard, and checks the domain, too. It's not 100% secure, but at that point, 2FA may be a diminishing return already.