[deafpolygon]

I see 2FA is often misunderstood by people. The basic premise with 2FA is that you combine “something you know” with “something you have”.

You are already part of the 2FA — you’re the first factor: “something you know”.

The second factor: “something you have” — often a personal device, or an object. This is ideally something no one else can be in possession of at the same time as you are.

[sigio]

Except that for 99% of my passwords, I am 100% sure I do not, and never will, know them, they are 60-100+ bytes of random data, only known by my passwordmanager. The only thing I know, is the passphrase for my passwordmanager. TOTP codes are also stored in there, but I see it more as a replay-protection for captured passwords, though this is also really a non-issue in this time of almost no plaintext protocols.