[cheald]

Which is precisely why it's irresponsible to give people the rope to hang themselves with by supporting 2FA seeds in password managers (much less telling them it's a good idea), IMO.

People take the path of least resistance; we know this. It's why, for the longest time, people used one password for everything. People don't like using password managers, either, but we would all agree that it's unacceptably insecure to not use them, because the alternative is "one password used everywhere, maybe with a single varying digit on the end".

[Trasmatta]

> People take the path of least resistance; we know this

If you remove the ability to store 2FA codes in password managers, the path of least resistance becomes "people don't use 2FA at all".

[cheald]

I don't think that's true at all. 2FA has been a popular solution for many years, well before the addition of TOTP support to the popular password managers.

[pwg]

For some sizable amount of the user base, assuming they can even be convinced to use a password manager in the first place, not being able to also store 2FA codes in the manager will become their excuse to not use 2FA codes.

A great expanse of users (note, not normally the ones who frequent HN) see all these 2FA codes, and passwords as well, as just an irritating impediment to accomplishing whatever goal it is they wish to accomplish at the time.

[Trasmatta]

Was it actually popular among non tech people? I feel like nobody I knew outside of developers had ever used a 2FA code until maybe 3 or 4 years ago (unless they were forced to)