|
|
|
|
|
|
by mlfreeman
531 days ago
|
|
|
> it does nothing to protect you in the event of a password manager compromise. This is not a hypothetical; LastPass has suffered multiple breaches, and the more popular a solution, the more likely there are to be attacks against that solution. You can mitigate this risk by not depending on your password manager app to do cross-device sync..keep a file on Dropbox/OneDrive/iCloud Drive/SFTP/etc and use an app like KeePass/Strongbox/etc that just deals in managing credentials. My KeePass file storage provider doesn't know what the hell I store there because it's encrypted (I hope there are no known issues with KeePass's crypto) As a bonus, you can keep offline backups to mitigate other risks like house fire, lightning strike induced EMP frying things (happened to me), storage vendor goes out of business, and more. ------------- I think in the end, there is no universal solution - you really have to try to be reasonable about estimating your own personal threats and risks (such as asking "am I more likely to suffer a password manager compromise or more likely to break a device?") to decide whether to keep 2FA next to passwords or not. |
|
|