undefined | Better HN

0 pointsTerr_6d ago0 comments

> putting your TOTP/MFA in your password manager

I suppose the inverse would be starting with a device that offers TOTP/MFA, and then making your password-manager/vault somehow available on that same device. In either case, bringing them together makes it easier for an attacker to compromise both at the same time.

On reflection, I've never actually put my (personal) password vault on my phone, but that may be less of a conscious security stance than fulfilling a millennial stereotype, where certain tasks (like big purchases) are reserved for "a real computer."

Closest I've gotten is having my USB backup keychain in the same pocket, so I could get to it in an emergency, but it's inconveniently air-gapped.

0 comments

2 comments · 1 top-level

rectang6d ago· 1 in thread

As much as I like the Apple Passwords app, one of its downsides is that if I have my TOTP app on my iPhone, both passwords and TOTP live on the same device. So for many services I use Bitwarden for passwords.

mcfly_c-1375d ago

For TOTP i use ente auth[0], which i can higly recommend.

i also force most apps on iOS to ask for face id (long press on app icon to set this).

[0] https://ente.com/auth/

j / k navigate · click thread line to collapse