Reusing passwords should be illegal and if you do this you're gonna have a bad time
probably like 98%

Using the same password manager for passwords and 2FA should be illegal. If you do this, you're gonna get fucked.
It's on my to do to fix this up...
I reuse my nsec everywhere
Assume all passwords are compromised. No pvt key material online, ever. Analog with signing devices only.
I want to sign files with it

On September 18, a Japanese child living in Shenzhen was attacked on the way to school and died after treatment failed.

1984's broadcast

https://t.co/Zcci8jnTSE

I only reuse other people's passwords.
Why
So, you want the state to have access to everyone's private keys? /sarcasm
If they crack your password manager you're dead. No single points of failure
If my login information is breached, I'm protected by my 2FA codes.
If my 2FA codes are breached, my login information is still safe.
2FA is meant to provide extra security. This is pointless if your login info and 2FA info are in the same place.
No one is going to be able to do that. It helps to not use something terrible like lastpass or dashlane.
I have had the same ATM pin number since 1998. I have changed banks 4 times.
True if your password manager has a terrible security model, but not so if secured itself by multiple keys that never see exposure to the internet.
What if you put 2FA in the manager but the 2FA for the manager is in a different authentication software? Convenient and more secure
Check this out. I haven't come across another password manager with a security model like this: https://1passwordstatic.com/files/security/1password-white-paper.pdf
However, put the most important 2FA in a separate app. Leave the Netflix/Amazon 2FA in the password manager.
Be aware: likely the most important 2FA are those for your email accounts. All your email accounts.
I love 1Password and have been using them for a few years now. I would recommend them wholeheartedly.
I also recommend Bitwarden as a secondary service.
I need to look into Bitwarden's security model more, but I'd probably only feel comfortable running it locally unless they have a comparable design to 1Password. Aside from their security principles, the other thing I really love about 1Password is how multiplatform they are. Wonderful apps for Windows, Mac, and Linux, and they have a CLI and SSH agent I use in Linux.
One to rule them all
Imagine zwinge you nsec for Bitwarden.
Absolutely terrifying. I wonder they imagined gods, demons and monsters battling in the heavens and seas.