Password managers and two-factor authentication

[zen]

I'm looking at upping my online security, and have installed a trial of 1Password across my devices.

However, I was wondering - with two-factor authentication, is there actually any point in using a password manager?

I know password managers are designed to stop people using the same exact password for everything they log into, but if I use a strong password for everything, and have 2FA on everything, then it wouldn't matter if my details got pwned. Nobody can log into anything without 2FA.

This is the first time I have looked at password managers like 1Password, so I am quite happy to be schooled about why I should use both a manager and 2FA!

 

[BrianBaughn]

A place to store and look up passwords when you can't remember.

 

[Mr. Heckles]

Because 2 factor isn't 100% safe, there are still works around.

 

[cruisin]

2 factor using SMS is susceptible to forging and copying in transport. iMessage highjacks your SMS for example. Google has stopped using it and use their Gmail app for example.

If you have multiple devices it is annoying to sign up on one device and then use a different device. If you have many accounts eventually you need to write the password somewhere or make a guessable pattern. Or if you use a site occasionally you might forget the password. Plus the manager makes a completely random password easily, so the manager essentially is a convenience option in many ways.

 

[dangerfish]

I use 2FA whenever I can but I also utilize 1Password. Have for years. It is one of my “can’t live without” applications. Not every website offers 2FA so it’s still good to have a password manager that will generate and save complex passwords for you.

 

[MacNut]

You try to remember a 50 something character password.

 

[Apple_Robert]

I'm looking at upping my online security, and have installed a trial of 1Password across my devices.

However, I was wondering - with two-factor authentication, is there actually any point in using a password manager?

I know password managers are designed to stop people using the same exact password for everything they log into, but if I use a strong password for everything, and have 2FA on everything, then it wouldn't matter if my details got pwned. Nobody can log into anything without 2FA.

This is the first time I have looked at password managers like 1Password, so I am quite happy to be schooled about why I should use both a manager and 2FA!

How are you keeping up with your site list and password usage right now?

1Password can do a lot more than hold website login information. One of the things I use 1Password for, is 2FA one-time codes. I prefer to use it since I am already paying for the service.

1Password also integrates very nicely with the Apple ecosystem which makes my day to day life that much better,.

 

[zen]

Thanks for all the responses. I've gone ahead with 1Password, and 2FA wherever I can. So far, so good!

 

[Tech198]

I'm looking at upping my online security, and have installed a trial of 1Password across my devices.

However, I was wondering - with two-factor authentication, is there actually any point in using a password manager?

I know password managers are designed to stop people using the same exact password for everything they log into, but if I use a strong password for everything, and have 2FA on everything, then it wouldn't matter if my details got pwned. Nobody can log into anything without 2FA.

This is the first time I have looked at password managers like 1Password, so I am quite happy to be schooled about why I should use both a manager and 2FA!

My mate decided pay $50 a year (about $3 per month)

The purpose of 2 Factor is to make it more secure as someone who is identifying is trustworthy by a code sent to their device(s_,, , and there is still a 30 second window of opportunity, ..

eg. if you get a code, but choose not to use it straight away, someone else can...

Unlikely for this to happen with 30 seconds, but it can...

Compare that to a password manager (many also support TouchID), so that *guarantees* no one can access. if using a strong a strong password .. Just one strong password, no one can access your vault. which stores all your passwords.

Besides, not all websites use two factor... This is why password managers come in handy, and still maintain that security. To me, a password manager is actually better than 2FA, because i still reckon despite 2FA is extra level, its subverting the fact people can use simple passwords "on top" of better security. eg having a simple password, but also having trusted device to authenticate with, where as a password manager with a strong password is all that would be needed anyway. to achieve a better result.

 

[AidenShaw]

My company uses two layers of authentication, depending on the sensitivity of the application.

It's Active Directory based (even for Apples). The AD authentication is OK for low sensitivity apps. For higher sensitivity apps (like payroll, VPN access, ...) you need the AD credentials plus a 2FA token.

These aren't SMS text messages - too risky. Instead we have either little keyfob token generators, or a smartphone app that does the same thing. ( https://www.symitar.com/online-and-mobile/pages/symantec-hard-tokens.aspx )

​

My AWS accounts also require 2FA, using the smartphone apps.