
Why does storing 2FA codes in your password manager make sense?


Modern login systems require a second factor (2FA) in addition to the standard username and password combination. A time-based one-time password (TOTP) in the form of a 6-digit number is often used. Password managers like [1Password](https://1password.com/), [KeePass (or respective forks)](https://keepass.info/) and others offer the ability to store (and generate) the 2FA TOTP. For a long time, I was asking myself: *Why is it recommended to have a Username, Password, and 2FA in the same storage (like 1Password)? Isn't this against the basic idea of a second factor (regarding the storage places to gain access to)?*

There’s also the very simple view that backs the entire point of password managers: “Keeping your cryptographic keys safe is a seriously difficult problem to solve”. Centralizing them has a couple of downsides, but if you do a threat model and balance the unmitigated risks, using (for example) Google Authenticator to store your TOTP codes is significantly more likely to result in negative outcomes. These codes are stored on a set of three YubiKeys - one in my Every Day Carry (EDC), one in a safe place at home, and one in my bug-out bag.
