|
|
|
|
|
|
by ydant
1200 days ago
|
|
|
There are multiple attack vectors that 2-factor helps with, and storing your 2-factor alongside your password does still help in some, just not all. For the more common attacks I expect to encounter, namely a single password being leaked, a password manager is still based on something I "possess" (to an extent) - the decrypted password vault. It's separate from the single password that's likely to have been compromised in the most common scenario. Of course, if my whole vault is compromised, then yes, storing my 2-factor in there made my life worse than the alternative. I just don't see that as anywhere near as likely a scenario as an individual account being compromised. Having 2-factor enabled in a less secure method is still better than not having 2-factor enabled at all. Basically, there's nuance to this, it's not the extreme you present - a more in-depth comment on this: https://security.stackexchange.com/questions/150448/is-it-se... |
|
|