• theherk@lemmy.world
    2 days ago

    I don’t view it as simply compromised or not. How a password is compromised is relevant. The vast majority of issues aren’t somebody gaining access to your logged-in machine. Passwords are nearly always compromised from a server mishandling data.

    That means in most cases 2FA near a password is not likely to be an issue. I’m not saying I recommend it, but it does change the risk evaluation.

    • pulsewidth@lemmy.world
      19 hours ago

      People’s credentials are increasingly captured by information stealer malware, including attacks on KeePass. It’s not just services mishandling their data that people should consider as likely vectors.

      I do agree about evaluation - it doesn’t matter much with stuff like a forum account that has 2FA, but I certainly wouldn’t put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It weakens your protection if something does go wrong.