by twicetwice
927 days ago
My "solution" to this problem is: hardware keys with backups for the really important services—Bitwarden, Google, domain registrar, etc. And then for stuff that isn't absolutely critical, I just use an OTP stored in Bitwarden. As for having both the password and OTP stored in the same place, the way I see it, the OTP is mainly protecting against keyloggers, data breaches, etc. And then I figure, if someone gets into my Bitwarden account, I'm already fucked anyway, so it's whatever. I currently have four Yubikeys: one on my keychain, one in my apartment, one to take with me while traveling, and one at my parents' house. I figure this should be adequate to ensure I never get locked out of Bitwarden or Google, which would be an utter disaster.

The OTP in the password manager one is another thing I’ve struggled to wrap my head around. There’s an interesting conversation about it with folks at 1Password for those interested: https://1password.community/discussion/101714/why-is-it-a-go...