[YXNjaGVyZWdlbgo]

Wait so it lets you store your 2FA secrets and your password in the same place? That sounds counterintuitive.

[jfrunyon]

It's super useful for a few sites I visit frequently who require 2FA but I don't need that security. But yeah, otherwise it's a pretty remarkably bad idea.

[scrollaway]

When you sign in to a website from your phone using a saved password and use that same phone for 2fa, it's pretty much the same thing.

The whole meme that saving the 2fa seed to password managers is a bad idea needs to die. Most of the advantages of 2fa are still present when using a password manager.

[jfrunyon]

It's the other way around. Literally all of the advantages of using 2FA are not present when you store both factors together.

[scrollaway]

You are wrong. The primary advantage of 2fa is the OTP part, which wards against keyloggers and password reuse.

[jfrunyon]

Unless of course the keylogger also has access to the OTP.

If your device is compromised, your device is compromised.

It doesn't matter what the advantages of 2FA are. You don't have 2FA ("two-factor authentication") if your factors are stored together.