Not sure if this applies but incidentally I changed my otp manager from microsoft to vaultwarden today. Adding security keys in the process is mostly two additional clicks. Of the 20 accounts I migrated, only about 7 had the option and only with one it was more work than adding totp.
Its a pretty tough decision what to use for this imo since technically, you‘re right. Then again, you already have to log into your os and unlock the password safe to get the passwords or the otps.
The reason why mfa is done is if your password leaks you are not completely effed. You can obviously use a second selfhosted service with a different password but chances are most people would rather use something easier.
Also, passkeys work the same way. They work if you are logged into a device. That way you get no additional password except you can only use it from the device in question.
Not sure if this applies but incidentally I changed my otp manager from microsoft to vaultwarden today. Adding security keys in the process is mostly two additional clicks. Of the 20 accounts I migrated, only about 7 had the option and only with one it was more work than adding totp.
Yeah I use bitwarden and it was pretty panless. My only issue was on github the addon didn’t pick up on the passkey initially, had to make a new one.
Happy to hear it works for others as well. :)
Doesn’t using the same service for password management and OTP defeat the purpose of 2FA?
Its a pretty tough decision what to use for this imo since technically, you‘re right. Then again, you already have to log into your os and unlock the password safe to get the passwords or the otps.
The reason why mfa is done is if your password leaks you are not completely effed. You can obviously use a second selfhosted service with a different password but chances are most people would rather use something easier.
Also, passkeys work the same way. They work if you are logged into a device. That way you get no additional password except you can only use it from the device in question.