Hacker News
by photon-torpedo 1506 days ago
Then if the password manager is compromised, the second factor wouldn't add any protection over just a password.

Then again, people that use password managers at all usually have stronger passwords and less password reuse, so it can be an acceptable tradeoff.

2 comments

In my case it wouldn't anyway. Almost all of my 2FA is tied to my password manager as well. I am sure I am not alone in this. It is kind of scary to think about though.
I do the same but, for me, the threat of my password manager being compromised is much, much smaller than the threat of me not enabling 2FA out of laziness or the concern I might lose my 2FA codes. I keep my main email codes out of the password vault and that is enough to calm my nerves.

Not everyone has the same risk profile/tolerance, but I just wanted to say that I don't think anyone should feel bad about doing the best they can, even if that stops short of the absolute best.

Aye, but it assumes the company isn't keeping the password in plain text.