[Justsignedup]

the weird thing is:

- if you use 1password (an example), then you're generating a bunch of random and unique passwords for every site - questions to verify you as a 2fa tends to be less secure since you tend to make simple answers for those. And they're not convenient to enter into 2fa apps. - 2fa apps are typically great ways to guarantee one bit of randomness into the process

[tracker1]

I use the same app for most 2fa and the passwords themselves (Bitwarden). It makes the 2FA slightly weaker being in the same app, but infinitely more useful. It does bug me that they (Bitwarden) as a service want me to use 2FA for first logins, which makes it harder to access. My master passphrase is long, unique and only on their app/site.

[sam_lowry_]

Master password that you share with a third party?

I probably do not understand how Bitwarden works, but this feels wrong anyway.

[tracker1]

If trust issues and paranoia are sufficient, you can definitely self-host the server portion of the application, and many do. ;-)

Bitwarden is open-source enough to where all functionality can be self-hosted and run on one's own and reviewed. IIRC, there are a couple of non-floss modules for the commercial release in different directories under source control iirc... Some are more purist than others.