by cuu508 1096 days ago
Consider 3 scenarios:

- Alice is currently reusing passwords, and does not use 2FA. Alice decides to set up 2FA, but keeps reusing passwords. Not ideal, but net improvement.

- Bob is using a password manager, but does not use 2FA. Bob decides to set up 2FA, and sticks to using the password manager for storing passwords. All good!

- Charlie is using a password manager, but does not use 2FA. Charlie decides to set up 2FA, and afterwards drops the password manager, and starts reusing passwords. Not good.

My guess is the Alice and Bob cases would be the majority. Do you think the Charlie cases would also be common?

2 comments

While you're at it, you should also consider the scenario pointed out by the gp:

> It invites poor discipline with reusing passwords and with 500 pound gorilla corps, losing your second factor is losing your account permanently.

https://news.ycombinator.com/item?id=36416392

I take the argument that enabling 2FA increases the risk of getting locked out of the account with no recourse.

But I doubt that many people with good password discipline will revert to bad password discipline after enabling 2FA (the Charlie example).

Consider this scenario: I drop my phone in the water.

Now what? I have to create a new life.

Sometimes a fresh start is a good thing :-)

Alternatively, you get a new phone, install a TOTP app and scan or import your TOTP seed backups.

> Alternatively, you get a new phone, install a TOTP app and scan or import your TOTP seed backups.

What seed backups?

You buy a new phone and continue using your TOTP app / password manager and continue with your life.

Even if my TOTP app had cloud sync (the default Android one doesn't), my cloud requires TOTP, so I can't use that account.