
lifereinspired

macrumors member
Original poster
Jul 9, 2019
Hi,

I'm trying to move towards actually using 2FA/TOTP. The few sites I actually use it on right now, I'm using SMS, but I'm considering switching to one of the auth apps instead. I'm wondering about the benefits of using a separate 2FA/TOTP manager vs. using a password manager that also handles 2FA. I know several password apps are adding 2FA management support (like 1Password, LastPass, Enpass, etc.). I love the idea of all-in-one for convenience's sake (and maybe even privacy, one less account to leak), but I'm wondering if that also defeats the purpose of having them separate. What are your thoughts on this? Would you use an all-in-one app for pass/2FA or would you always use a separate app? If so, what are your favorite 2FA apps? Thanks so much for any thoughts!
 
I have been using 2FA/TOTP with Enpass for a few weeks. It works great and I like having everything in one app. I think 2FA is working as intended this way, even if all data is coming from a single app.
 
Thanks for your reply! Enpass looks amazing. I'm definitely interested in it. :) I'll check it out!
 
I have two apps for this, as I don't want all my security eggs in one basket should the all-in-one app have a massive failure, bug, etc., making it useless and/or leaking data.

It's been a while since I tried Enpass, but if it's still like that, then they did not require a cloud account managed by them to sync data between devices.
 
In my opinion, it is better to have two separate apps. That way, if there should be a problem with the password manager, you could still have access to your sites.

I use OTP Auth for OTP. The best app there is for such and it is free. Much better than Authy.
 
Never use an all-in-one solution - password manager and an authenticator. If someone gets access to your password manager it will then give them the keys to everything. Separating them out increases the difficulty for anyone to gain access to any account (as long as the account has 2FA activated). I personally use 2FA on all email accounts and sites like eBay, Amazon. I have even created a specific email just for my password manager, therefore making it less likely to be out in the wild if there is a breach on a site. If you really wanted to make it even more secure you could use a hardware 2FA key. The advantage of this is that if someone managed to get into your device and your password manager, they would need further access to your 2FA hardware key, as software 2FA will not work (only if the software 2FA is disabled). If you go down this route, it is advised to have a 2nd 2FA key in case you lose your hardware key.
 