Reusing passwords should be illegal and if you do this you're gonna have a bad time
Discussion
Yep.
Just add a 1 to the end.
Using the same password manager for passwords and 2FA should be illegal. If you do this, you're gonna get fucked.
Why
If they crack your password manager you're dead. No single points of failure π
No one is going to be able to do that. It helps to not use something terrible like lastpass or dashlane.
However, put the most important 2FA in a separate app. Leave the Netflix/Amazon 2FA in the password manager.
Be aware: likely the most important 2FA are those for your email accounts. All your email accounts.
If my login information is breached, I'm protected by my 2FA codes.
If my 2FA codes are breached, my login information are still safe.
2FA is meant to provide extra security. This is pointless if your login info and 2FA info are in the same place.
True if your password manager has a terrible security model, but not so if secured itself by multiple keys that never see exposure to the internet.
Check this out. I haven't come across another password manager with a security model like this: https://1passwordstatic.com/files/security/1password-white-paper.pdf
I love 1Password and have been using them for a few years now. I would recommend them wholeheartedly.
I also recommend Bitwarden as a secondary service.
I need to look into Bitwarden's security model more, but I'd probably only feel comfortable running it locally unless they have a comparable design to 1Password. Aside from their security principles, the other thing i really love about 1Password is how multiplatform they are. Wonderful apps for Windows, Mac, and Linux, and they have a cli and SSH agent i use in Linux.
what if you put 2fa in the manager but the 2fa for the manager is in a different authentication software? convenient and more secure π€
It's on my to do to fix this up...
Assume all passwords are compromised. No pvt key material online, ever. Analog with signing devices only.
I only reuse other people's passwords.
So, you want the state to have access to everyone's private keys? /sarcasm
One to rule them all