by almyk 623 days ago
I think it is safer to have 2FA in your password manager than not using 2FA at all. Because even if they got your password, if they don't have access to your password manager they can't log in.

If you protect your password manager with a YubiKey or any other hardware key, then your 2FA inside your password manager is quite secure and convenient. But this is very individual, what your threat model is and how secure you want/need to be.

1 comments

See also the considerations mentioned in the sibling thread btw: https://news.ycombinator.com/item?id=41793846

> even if they got your password, if they don't have access to your password manager they can't log in.

Wouldn't the same argument go for a non-2FA password? What's the difference between a randomly generated 2FA secret and a randomly generated password here?

An eavesdropper able to intercept connections could record your password in transit but would only get the current 2FA token which quickly becomes useless. But with TLS, eavesdroppers are not a realistic concern for most people so the actual benefit is still questionable.
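An added example, not part of any comment in the thread: a minimal RFC 6238 TOTP generator and verifier showing what a recorded login is worth later, the static password versus the one-time code. The secret is the RFC 6238 test key; the password, the timestamps and the ±1 step acceptance window are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)


def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `at`."""
    counter = struct.pack(">Q", at // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept codes from the current step and `window` steps either side
    (assumed server policy to tolerate clock drift)."""
    return any(
        hmac.compare_digest(totp(secret, now + d * STEP), code)
        for d in range(-window, window + 1)
    )


def replay_outcome(secret: bytes, password: str,
                   login_at: int, replay_at: int) -> dict:
    """What someone who recorded one login at `login_at` can still
    reuse at `replay_at`."""
    captured_password = password            # static: same bytes every login
    captured_code = totp(secret, login_at)  # bound to one time step
    return {
        "password_accepted": hmac.compare_digest(captured_password, password),
        "totp_accepted": verify(secret, captured_code, replay_at),
    }


if __name__ == "__main__":
    secret = b"12345678901234567890"         # RFC 6238 test key
    password = "constructed-sample-password"  # constructed value
    for delay in (10, 300):
        print(delay, replay_outcome(secret, password, 59, 59 + delay))
```

The recorded code is still accepted while it falls inside the acceptance window, which is why the window is kept small. Both the password and the TOTP secret are static values at rest, so this difference only applies to what crosses the wire.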