• combat_brandonism [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    7
    ·
    2 months ago

    Don’t store 2FA TOTP passcodes in your password manager, that makes it not 2FA.

    Depends on your threat model, for most people password manager storage is fine because you’re still protected against the service getting owned and leaking your password.

    If you’re worried about your phone being exploded tho you probably do have a threat model that precludes storing TOTP creds in your password manager.

    • hypercracker@hexbear.net
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 months ago

      I would say that putting TOTP seeds in your password manager also brings risk of unintentional lockout, because usually access to your password manager is gated by TOTP codes and if you lose access to your active TOTP codes and need to also use them to log into your password manager to get your backed-up TOTP seeds, you could be shit outta luck.