She doesn't have to remember the secret key. She prints out copies and puts them somewhere safe.
> Both LastPass and Bitwarden (and 1Password) support 2FA [...] the UX is much better and more secure than using a secret key
No. Please don't make statements like this if you're not certain. 2FA confers zero benefit in a breach like this one. It is merely an access control, and doesn't provide any cryptographic benefit. Secret keys, however, make such a breach basically worthless. No amount of rainbow table usage or master password compromise will help you unless you can obtain the secret key.
No comments yet.
