After going through the pain of moving 2FA accounts to authenticators on a new phone, I honestly don’t feel I can recommend that average users do it. We as a community need to come up with better ways to handle this.
2FA is a poor & obnoxious substitute for, and useless if you properly use, password managers.
-
Completely, totally and wholeheartedly disagree.
-
Completely, totally, and wholeheartedly agree with @raistolo’s complete, total, and wholehearted disagreement.
-
I don't fully agree. They are complementary in my opinion. I trust a (cloud-based) password manager *because* I use 2FA. And using a non-cloud pwmanager is just as inconvenient as TOTP apps, if not worse.
-
I'm thinking cloud storage of encrypted (on your end, unreadable on theirs) pw store. Do you mean you need 2FA on each service you log in to in order to trust a 3rd party having access to your (non-encrypted) pw store? Or 2FA/HSM for access to your pw store?
-
I have already written my ideas of what I expect from a password manager (https://flameeyes.blog/2018/01/24/designing-my-password-manager/ …). Anything that is not worse to use than 2FA, you can only trust that it's not backdoored. Thus, 2FA increases my trust in using any one at all.