I haven't migrated my 2fa to it yet, but bitwarden seems to have 2FA baked in so it can be automated. I can't tell if that's worth doing or if it defeats the purpose
>bitwarden seems to have 2FA baked in so it can be automated. I can't tell if that's worth doing or if it defeats the purpose
It most definitely defeats the purpose. Whether it's worth doing depends on how much you value your time and how secure you think the rest of your setup is (ie. if it's super secure the marginal security might not be worth the additional time).
If your password manager password is compromised, you're pretty screwed no matter how you slice it. For most people that use a password manager, I would guess that exposing their main password is an unlikely scenario. Loss/theft of a phone seems much more likely, and in that scenario, you're exactly as screwed as you would be if you had all of your 2fa codes in your password manager.
Only if compromised. I prefer storing my sensitive data there, and also protect it with 2FA to make sure my extra long and unique passphrase is not the weakest link.
It's fantastic. After you fill your password, the 2FA code is automatically copied to your clipboard. Logging into a two factor form for me is basically Cmd + Shift + L (fill login), enter, Cmd + V (paste 2fa code), enter.
I think it's pretty valuable - you automatically get the benefit of your pw manager recognizing the domain and only logging you in/copying the code if the domain matches what's in the password manager.
It most definitely defeats the purpose. Whether it's worth doing depends on how much you value your time and how secure you think the rest of your setup is (ie. if it's super secure the marginal security might not be worth the additional time).