  • But if the password manager somehow gets hacked, it would give the attacker both the passwords and 2FA keys, right? It sounds contradictory to the purpose of 2FA to store them in the same place (security.stackexchange.com/a/73531/264243). Commented Aug 5, 2021 at 3:13
  • @Balu As always, it's a tradeoff. Storing everything in a single password manager is generally easier, but is less secure if your password database is compromised. Personally, I feel it's unlikely enough that such a situation occurs that I'm happy to accept the risk. You may not feel that way, and instead want to consider a separate "password" database for 2FA details or hard copy printouts of the codes (more secure, but has considerable drawbacks in terms of use). Commented Aug 5, 2021 at 13:05
  • @Balu Non-practical security is useless; it should be secure enough and should be practical for daily use. You can have 2 different password managers, one storing the password and another the TOTP tokens, but in time you will get frustrated at needing both and end up not activating 2FA on every service, or end up putting TOTP tokens in the password database. Commented Aug 5, 2021 at 13:14