After going through the pain of moving 2FA accounts to authenticators on a new phone, I honestly don’t feel I can recommend average users to do it. We as a community need to come up with better ways to handle this.
I'm thinking cloud storage of encrypted (on your end, unreadable on theirs) pw store. Do you mean you need 2FA on each service you log in to in order to trust a 3rd party having access to your (non-encrypted) pw store? Or 2FA/HSM for access to your pw store?
I have already written my ideas of what I expect from a password manager (https://flameeyes.blog/2018/01/24/designing-my-password-manager/ …). Anything that is not worse to use than 2FA, you can only trust that it's not backdoored. Thus, 2FA increases my trust in using any one at all.