
zen

macrumors 68000
Original poster
Jun 26, 2003
1,713
472
I'm looking at upping my online security, and have installed a trial of 1Password across my devices.

However, I was wondering - with two-factor authentication, is there actually any point in using a password manager?

I know password managers are designed to stop people using the same exact password for everything they log into, but if I use a strong password for everything, and have 2FA on everything, then it wouldn't matter if my details got pwned. Nobody can log into anything without 2FA.

This is the first time I have looked at password managers like 1Password, so I am quite happy to be schooled about why I should use both a manager and 2FA!
 
2 factor using SMS is susceptible to forging and copying in transport. iMessage hijacks your SMS, for example. Google has stopped using it and uses their Gmail app, for example.

If you have multiple devices it is annoying to sign up on one device and then use a different device. If you have many accounts eventually you need to write the password somewhere or make a guessable pattern. Or if you use a site occasionally you might forget the password. Plus the manager makes a completely random password easily, so the manager essentially is a convenience option in many ways.
 
I use 2FA whenever I can but I also utilize 1Password. Have for years. It is one of my “can’t live without” applications. Not every website offers 2FA so it’s still good to have a password manager that will generate and save complex passwords for you.
 
How are you keeping up with your site list and password usage right now?

1Password can do a lot more than hold website login information. One of the things I use 1Password for, is 2FA one-time codes. I prefer to use it since I am already paying for the service.

1Password also integrates very nicely with the Apple ecosystem, which makes my day to day life that much better.
 
Thanks for all the responses. I've gone ahead with 1Password, and 2FA wherever I can. So far, so good!
 
My mate decided to pay $50 a year (about $3 per month)

The purpose of 2 Factor is to make it more secure as someone who is identifying is trustworthy by a code sent to their device(s), and there is still a 30 second window of opportunity...

eg. if you get a code, but choose not to use it straight away, someone else can...

Unlikely for this to happen with 30 seconds, but it can...

Compare that to a password manager (many also support TouchID), so that *guarantees* no one can access, if using a strong password... Just one strong password, and no one can access your vault, which stores all your passwords.

Besides, not all websites use two factor... This is why password managers come in handy, and still maintain that security. To me, a password manager is actually better than 2FA, because I still reckon, despite 2FA being an extra level, it's subverting the fact people can use simple passwords "on top" of better security, e.g. having a simple password, but also having a trusted device to authenticate with, whereas a password manager with a strong password is all that would be needed anyway to achieve a better result.
 
My company uses two layers of authentication, depending on the sensitivity of the application.

It's Active Directory based (even for Apples). The AD authentication is OK for low sensitivity apps. For higher sensitivity apps (like payroll, VPN access, ...) you need the AD credentials plus a 2FA token.

These aren't SMS text messages - too risky. Instead we have either little keyfob token generators, or a smartphone app that does the same thing. ( https://www.symitar.com/online-and-mobile/pages/symantec-hard-tokens.aspx )

My AWS accounts also require 2FA, using the smartphone apps.
 