
My "solution" to this problem is: hardware keys with backups for the really important services—Bitwarden, Google, domain registrar, etc. And then for stuff that isn't absolutely critical, I just use an OTP stored in Bitwarden. As for having both the password and OTP stored in the same place, the way I see it, the OTP is mainly protecting against keyloggers, data breaches, etc. And then I figure, if someone gets into my Bitwarden account, I'm already fucked anyway, so it's whatever.

I currently have four Yubikeys: one on my keychain, one in my apartment, one to take with me while traveling, and one at my parents' house. I figure this should be adequate to ensure I never get locked out of Bitwarden or Google, which would be an utter disaster.
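The trade-off in the comment above (password and OTP seed living in the same vault) comes down to the fact that a TOTP code is a pure function of the stored seed and the clock. The following is an added illustration, not the commenter's code and not Bitwarden's implementation: a minimal RFC 6238 TOTP generator (HMAC-SHA1, 30-second step) run against a constructed vault entry, using the RFC's published test secret. The vault entry and its field names are assumptions made up for the example.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed vault entry (not real credentials). The base32 seed is the
# RFC 6238 test secret "12345678901234567890", so the codes are verifiable.
VAULT_ENTRY = {
    "site": "example.test",
    "password": "constructed-password",
    "totp_seed_b32": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ",
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_unix: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, at_unix // step, digits)


def decode_seed(seed_b32: str) -> bytes:
    """Decode a base32 seed as stored by authenticator apps (tolerates spaces/no padding)."""
    s = seed_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def factors_from_vault(entry: dict, at_unix: int) -> tuple[str, str]:
    """Everything a login needs, derived from the vault entry alone:
    whoever holds the entry can produce both the password and a valid code."""
    return entry["password"], totp(decode_seed(entry["totp_seed_b32"]), at_unix)


if __name__ == "__main__":
    pw, code = factors_from_vault(VAULT_ENTRY, int(time.time()))
    print(f"password={pw} current_totp={code}")
```

With only the vault contents, no second device is consulted, which is exactly why the commenter treats a vault compromise as total loss and keeps the critical accounts on hardware keys instead.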




That sounds like a pretty reasonable solution, just doing it for the ‘crown jewels’.

The OTP in the password manager one is another thing I’ve struggled to wrap my head around. There’s an interesting conversation about it with folks at 1Password for those interested: https://1password.community/discussion/101714/why-is-it-a-go...


Now that Bitwarden supports passkeys, I hope the "copy 2fa code to clipboard" approach to 2fa integration will soon come to an end.



