Authenticating to a website, 2010: Type in username and password

Authenticating to a website, 2024:
- Type in username
- Look up 20-character password in password keeper
- Wait
- Prompt for 2FA token
- Dig out phone
- Unlock phone
- Scroll through 50 services to find 2FA token for website
- Type in 2FA token
- Success
- Receive email alerting you to the fact you've logged in
- Six weeks later: receive email telling you service had been compromised eight weeks ago and you must change password.

@jzb tbh I hate services forcing 2fa on you when you don't need it, so I just store my 2fa codes in bitwarden. yes, it makes it not actually 2fa. no, I don't care.

@solonovamax @jzb It's still beneficial. There are a couple things I don't keep in Bitwarden but most of it I do. I guess I could separate them out but it seems so tough given how 2fa works.

@winterayars @jzb yeah if it was smth where I really cared about the security I'd use actual 2fa

@solonovamax @winterayars @jzb arguably it's still 2fa (assuming you 2fa into your pw manager)

The second factor is something you have: you're using the device from which you 2fa'd into your password manager.

@ojensen @winterayars @jzb I'm not using 2fa for my password manager lol (tbh I prob should, but, inconvenient)

so it's not really 2fa

@solonovamax @winterayars @jzb ok so I'm going to disagree *hard* with the idea of not 2fa'ing into your pw manager. For real, you should set that up right now.

It's not inconvenient, you do it like once every 30 days or something.

@ojensen @winterayars @jzb my password manager logs me out after like 30 mins
I also use a unique & long password for it that I don't use anywhere else

@solonovamax @ojensen @winterayars @jzb (you mean lock or logout? If lock, bitwarden doesn't request 2FA on unlock (unless you request it specifically). If logout... why?)

@ojensen @solonovamax @jzb I definitely have 2fa on my password manager and recommend it. I don't make it ask every time but it's on there.