• bookworm@feddit.nl
      6 upvotes · 1 year ago

      I agree for the most part, but it doesn’t entirely defeat the purpose. If someone got a hold of your password for a website, it would still protect you. And let’s be honest, that’s the most likely scenario. But yes, if someone got into your password manager then it’s completely game over. A scenario where having a separate 2FA device would still protect you.

    • kamin@lemmy.kghorvath.com
      2 upvotes · 1 year ago

      It defeats the purpose in the scenario that your vault is stolen and decrypted. But it still protects you in the much more likely scenario that a data breach exposes your password somewhere else.

    • ebits21
      1 upvote · 2 downvotes · edited · 1 year ago

      It definitely defeats the purpose. If you store them together there’s only one factor!

      Things you know, have, or are.

      It just becomes two things you know.

      • glacials@l.twos.dev
        3 upvotes · 1 year ago

        Password managers do have two factors: the vault (have) and the master password (know).

        • ebits21
          1 upvote · edited · 1 year ago

          Those factors need to be separate to be factors.

          • glacials@l.twos.dev
            1 upvote · 1 year ago

            It depends on your password manager and sync method. With most, if I take all your devices away from you, you can’t go to any public computer and access all your passwords using only what you know. You need to have one of your physical devices.