by clysm 534 days ago
> There was and is absolutely nothing wrong, and quite a lot right, by having the 2FA program completely separate from your password vault.

Did you read the article? That's what they say.

> For maximum security, you can store your 2FA token elsewhere ... but for general purpose use, storing your 2FA in your password manager is an acceptable solution due to the convenience benefits it provides.


> Did you read the article? That's what they say.

No, that's not what they say. If you read the text that you just now quoted, you will see that it says "storing your 2FA in your password manager is an acceptable solution due to the convenience benefits it provides". Clearly the writer of that text believes there _is_ something wrong with having 2FA completely separate from the password vault: it is less convenient, to the extent where they are happy recommending this horrible approach to laypersons.

In addition, if you go and read OP, you will find that they talk about the potential of losing access to your TOTP codes stored in Google Authenticator. So that's another thing that counts as "something wrong" with storing 2FA separately from the password vault.

So there's at least 2 things in the article that count as "something wrong". So they definitely didn't say that there's "absolutely nothing wrong".

They say it's less convenient; that doesn't mean they say it's wrong. And yes, it is less convenient, so why are you saying it's "horrible"? Security is always about compromises: if the less convenient method causes people to come up with workarounds, then it would be worse even if in theory it's more secure.
> if the less convenient method causes people to come up with workarounds then it would be worse even if in theory it's more secure

but that's literally what this is... the less convenient method (2FA) caused people to come up with workarounds (saving 2FA secrets in their password vaults)... and I'm saying it's horrible