by nlawalker 532 days ago
You are better off security-wise with 2FA enabled than without it (for the phishing-related reasons mentioned in TFA - EDIT: taviso is correct in their comment, it's more about protection against credential stuffing than phishing), regardless of where you put the codes, so if being able to put the codes in your password manager is going to be the difference-maker in someone electing to use 2FA, they should do it.

It's the same idea with using a password manager in the first place - if a password manager is going to be the thing that gets you to use secure passwords that vary across services, it's worth the tradeoff of having all of those passwords in one place, because you're much more likely to be compromised by a bad password than by a password manager leak.

4 comments

The risk is that if your password manager's database is stolen, then an attacker can do an offline decryption attack on it, and should they succeed, they have both parts of the login to compromise you.

At the very least, you SHOULD keep the 2FA credentials in a separate database (i.e., KeePassXC can keep multiple databases), so an attacker would need to double their efforts to get both parts of the login.

Are there any reasonable attacks against AES-GCM-256 where the key is a mix of a randomly generated 128-bit key and a password? If not then I have no concerns about an attacker cracking my 1Password database.
> Are there any reasonable attacks against AES-GCM-256 where the key is a mix of a randomly generated 128-bit key and a password? If not then I have no concerns about an attacker cracking my 1Password database.

Hackers rarely break through the front door. They find a vulnerability elsewhere in the code, your OS, other programs on your computer, the company's servers, the company's staff, and so on. You have to have full faith not just in the encryption algorithm, but its implementation, everything and everyone around it and everywhere it operates and interacts with. Any one of these could be a route in.

The password is generally the weak point. If you can remember it, any modern computer can guess it in a short time. Which is why password generation is so important.
I don't think that's correct as a blanket statement - you can use a passphrase, or remember a 14+ character password since you only have one to remember.

Even if it's only random-ish, password managers do key stretching (for example by hashing the password 600k times - Bitwarden has a high default value and lets you increase it if you like) so that it has to take some computational effort to check if a single password is correct. That's why it takes a few seconds to unlock your vault each time.

With these in place I think you're pretty safe for a long time. (Well, maybe until quantum computing breaks those cyphers?)

> If you can remember it any modern computer can guess it in a short time.

That's not true. A long sentence of your choosing is easy to memorise and plenty long enough to not be able to be guessed by a computer (brute force).

That isn't a word though.
As a German I have access to words like "Moselschifffahrtspolizeimützenverordnung" and that's a mild one :)
Passphrases are much easier than passwords in this regard. Though I fear keylogging more than brute forcing what my main password is.

But this is why I use security keys like YubiKeys. Doesn’t matter if an attacker knows my main password for any number of reasons, there’s fuckall they can do with it without my physical key.

And even if they get into my vault and extract passwords, for many websites (in particular the most important ones) they’d still need to use my security key, they can’t just use the passwords.

Attacks are still possible (with browser session fuckery?) but much harder than yet another breach where a website was storing passwords in plaintext.

Note, it’s best to not select “remember me” for Bitwarden: https://bitwarden.com/help/twostep-faqs/#q-why-is-bitwarden-...

This leaves yourself too vulnerable for my taste.

I like, no I think it's simply a hard requirement, that I can recover from nothing but the contents of my head. I can wake up naked in a foreign country and regain everything.

I'm also interested in the answer to this question. Can one separate the cracking of the password and the key?
The threat model of password managers and encryption as a whole assumes that the adversary has the ciphertext. If the adversary can decrypt it, then the encryption algorithm is fundamentally broken.

There is literally no point to encryption if possession of the ciphertext is sufficient to extract the secret.

Or you can protect the database with a keyfile and/or a hardware key meaning you need 2 or 3 factors for the database.

This is what I do for my keepass database. It means I can store my database in a cloud service of my choice for sync purposes too.
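As an added illustration (not code from any poster, nor from 1Password, Bitwarden or KeePass) of two points raised above, key stretching and mixing a random secret key or keyfile into the vault key: the vault layout, the check tag and the XOR mixing are simplified constructs assumed here, not any product's real key derivation.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

DKLEN = 32  # 256-bit derived key, as for AES-256

def stretch(password: str, salt: bytes, iterations: int) -> bytes:
    """Key stretching with PBKDF2-HMAC-SHA256: each guess costs `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=DKLEN)

def vault_key(password: str, secret_key: bytes, salt: bytes, iterations: int) -> bytes:
    """Mix a random secret key (kept on the user's devices, never in the vault) into the
    stretched password. Simplified two-secret scheme, assumed here, not 1Password's."""
    expanded = hashlib.sha256(secret_key).digest()
    return bytes(a ^ b for a, b in zip(stretch(password, salt, iterations), expanded))

def make_vault(password: str, secret_key: bytes, iterations: int) -> dict:
    """Constructed stand-in for a stolen vault file: salt, work factor and a check tag.
    The tag plays the role of a real vault's AEAD tag: it lets the holder test keys offline."""
    salt = secrets.token_bytes(16)
    key = vault_key(password, secret_key, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "check": hmac.new(key, b"vault-check", "sha256").digest()}

def offline_guess(vault: dict, wordlist: list, secret_key: bytes) -> Optional[str]:
    """The offline attack a thief of the vault file can mount: try each candidate
    password with whatever secret key they hold (or believe they hold)."""
    for guess in wordlist:
        k = vault_key(guess, secret_key, vault["salt"], vault["iterations"])
        tag = hmac.new(k, b"vault-check", "sha256").digest()
        if hmac.compare_digest(tag, vault["check"]):
            return guess
    return None

def seconds_per_guess(iterations: int) -> float:
    """Cost of one guess at a given work factor (what 600k vs a few thousand buys)."""
    start = time.perf_counter()
    stretch("benchmark", b"\x00" * 16, iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    sk = secrets.token_bytes(16)  # constructed 128-bit secret key
    vault = make_vault("correct horse", sk, iterations=600_000)
    print(offline_guess(vault, ["password", "correct horse"], sk))          # found
    print(offline_guess(vault, ["password", "correct horse"], b"\x00" * 16))  # None
    print(f"{seconds_per_guess(600_000) / seconds_per_guess(5_000):.0f}x per guess")
```

Without the secret key, a correct password in the wordlist is never confirmed, so the attacker must brute-force 128 bits on top of the password; with it, each guess still costs the full stretching work.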

After seeing people lose cryptocurrency firsthand through the LastPass leaks (hot wallet seed phrases, which is still stupid to have online but..), I really feel like the odds of a leak being the cause of any issues are higher than a bad password, for tech savvy security conscious users at least.
Wasn't that because they had backed up their password vaults to LastPass' cloud service?

I use KeePass, never upgrade it, and only back it up to my own cold spinning drives. If malware stole my local vault I'd be in trouble, but it's more convenient than keeping my passwords on paper.

LastPass is inherently a SaaS, right? There is no ability to use it without syncing your vault to their servers.
Maybe Bitwarden would be the better alternative, as it's OSS?

https://github.com/bitwarden

Part of why I avoid password managers that use their own cloud system. Storing my vault in a regular cloud database, not a password-specific one, to me makes it much less likely my vault will be compromised.
Not criticizing, but I'd rather not have it in the Cloud at all.
> After seeing people lose cryptocurrency first hand through the LastPass leaks

The reason for those losses was partially that LastPass was encrypting with extremely low iterations on long-standing accounts (it also may not have helped that they didn't encrypt URLs either). That was a terrible practice which isn't duplicated by credible alternatives.

As a matter of opinion you may still be right, though personally I consider the risks of a bad password to be higher than a leak purely because without a password manager making it simple to use long random passwords most do tend to be bad ones (duplicated/short/guessable/engineerable) as those are the only ones that are memorable.

It's the usual trade-off between security and usability, with the perfect being the enemy of the good, especially in regard to pushing less technical users to solutions which may not be ideal but are still much safer.

If you store both in one place, it's similar to 1FA. In that case it's a lot better to just use passkeys (where supported).
Good point about it being similar to passkeys.

But why would it be better to use passkeys?

Because don't sites with passkeys generally still allow you to fall back to password, since it's common for people to lose their phone and then lose their passkey? Whereas sites with 2FA obviously don't, and have more complicated/secure recovery mechanisms?

So it seems to me like 2FA (TOTPs) is currently vastly better in practice?

Hardware keys and passkeys are better because they can't be phished. In the case of hardware keys, one should register multiple to prevent lockout. Most implementations of passkeys seem to be portable, letting them exist on multiple devices (something that gives me pause).

If an adversary can successfully phish someone, they can often also trick them into providing TOTP codes or approving push notifications. However, TOTP remains significantly better than the alternatives, as it prevents credential stuffing attacks and SMS-related compromises while potentially limiting any account breach to a single session.

> Hardware keys and passkeys are better because they can't be phished.

I think you're missing the point I made -- that because of the way sites are currently set up, your password can be phished even if you have a passkey, and your password is good enough to get you in.

So given that that is the current state of things, isn't TOTP better because it prevents this? Because at least the TOTP won't let an adversary get in a second time.

Sorry, I overlooked part of your post earlier - I'm tired. As I previously alluded to, I don't use passkeys due to concerns about their implementation. Whether passkeys are better than TOTP really depends on the individual user's circumstances.

Which service is it? Do they ever use that password?

If I were used to signing in with a passkey, I'd find a password prompt suspicious. While the average person might not, it's also possible they would have forgotten the password entirely. There are other services that force TOTP even with hardware keys enrolled. Technically they can be phished, but it would not be successful in all cases.

Unfortunately, varying behavior and support for multifactor protocols (along with risky reset flows) makes it hard to give blanket recommendations.

Most sites that allow a passkey also require you to set up 2FA with your password when enabling passkeys. Which, unless you also set up an alternative method like TOTP, would also be your passkey.

So ironically, your options would be your passkey, or your password+passkey/FIDO key (in 2FA mode).

How many places is generally irrelevant. If a system requires a user to provide 2 factors to authenticate, it is 2FA. Password manager software itself should be no exception.
If the vault requires a hardware key and master password to access the encrypted password and token, would you still describe it as single-factor authentication?
TOTP tokens aren’t really MFA anyway. They are just another type of password that is better at protecting against bad password practices and other compromises. They deliver multi-step auth.

Tokens that increase the trust level of an authentication come with additional controls (tamper resistant hardware, passcode, etc).

For normal people, a FIDO token delivers the highest level of security and integrity.