Yes, if your vault is hacked, your 2fa will become 1fa, but:
- 2fa is still good for stopping someone who steals your password but not your whole vault
- 2fa blocks people from guessing your password (through brute force etc)
The whole concept of yubikeys bothers me. If it is lost, broken, or stolen, access to everything it protected is effectively gone. Same for SMS if you have an eSIM and your phone is lost or destroyed (as happened to me recently, and was a nightmare). TOTP synchronized to multiple devices seems to be the only way to have MFA while protecting oneself from getting locked out. I'm open to being convinced otherwise.
... The posession factor is the encrypted file that stores your secrets. It is in fact the same factor that Aegis uses, because it also uses an encrypted file to store your secrets. I'm not sure what you're expecting Aegis to do that is different from storing TOTP secrets in an encrypted file.
You missed the bit where I mentioned keeping my TOTP secret keys separate from my passwords by storing them in separate vaults, each of which is separately encrypted on-device with a different password. Cloud synchronization is optional.
The goal is to protect your data from brute force not from yourself, it’s perfectly reasonable to have 2fa in your password manager, saying it’s 1fa is just fud
2FA traditionally means relying on one thing you know (i.e. a password) plus one thing you have, or one thing you are (biometrics).
Every single one of my passwords is unique and randomly generated and at least 32 characters, none of them are getting brute forced unless there is a sudden gigantic leap in quantum computing. And if that happens, the world has bigger problems than my passwords.
Having a separate identity factor, something that I own, is not to save me from myself. It's to save me if someone steals my phone or laptop and is able to get into it.
Now we all face different threat models and if your threat model doesn't call for having a totally separate identity factor, great! There's nothing wrong with that. But we don't all face your threat model, and some of us do indeed need a second identity factor that's not stored in the same place as the password.
> Having a separate identity factor, something that I own, is not to save me from myself. It's to save me if someone steals my phone or laptop and is able to get into it.
What if that second factor is physical and stolen along with the things it was supposed to protect? What if your biometrics are cloned in some way?
Having TOTP synchronized across devices, but protected by passwords mitigates those risks as well as the risk that you lock yourself out by loss of a physical token.
> Every single one of my passwords is unique and randomly generated and at least 32 characters, none of them are getting brute forced unless there is a sudden gigantic leap in quantum computing.
One of the threat models that I consider is there being a bug in the particular RNG/encryption algorithm implementation used to get that encrypted password. In that case, my password can possibly be brute forced much faster than purely random guessing.
- 2fa is still good for stopping someone who steals your password but not your whole vault - 2fa blocks people from guessing your password (through brute force etc)
So there is still quite a bit of benefit.