[roboben]

Never understood the point of storing your 2fa where your passwords are.

[zyrthofar]

If your password manager gets compromised, sure, but if someone gets access to a website's database with password hashes, the 2fa is a pretty big part that they're missing.

[TheSwordsman]

This does assume they aren't able to also compromise the encryption key used to protect the secret:

https://news.ycombinator.com/item?id=10845985

https://news.ycombinator.com/item?id=11136948