Password managers and two-factor authentication

zen

Original poster
I'm looking at upping my online security, and have installed a trial of 1Password across my devices.

However, I was wondering - with two-factor authentication, is there actually any point in using a password manager?

I know password managers are designed to stop people using the same exact password for everything they log into, but if I use a strong password for everything, and have 2FA on everything, then it wouldn't matter if my details got pwned. Nobody can log into anything without 2FA.

This is the first time I have looked at password managers like 1Password, so I am quite happy to be schooled about why I should use both a manager and 2FA!
 

cruisin

2 factor using SMS is susceptible to forging and copying in transport. iMessage hijacks your SMS, for example. Google has stopped using it and uses their Gmail app, for example.

If you have multiple devices it is annoying to sign up on one device and then use a different device. If you have many accounts eventually you need to write the password somewhere or make a guessable pattern. Or if you use a site occasionally you might forget the password. Plus the manager makes a completely random password easily, so the manager essentially is a convenience option in many ways.
 

dangerfish

I use 2FA whenever I can but I also utilize 1Password. Have for years. It is one of my “can’t live without” applications. Not every website offers 2FA so it’s still good to have a password manager that will generate and save complex passwords for you.
 

BasicGreatGuy

How are you keeping up with your site list and password usage right now?

1Password can do a lot more than hold website login information. One of the things I use 1Password for is 2FA one-time codes. I prefer to use it since I am already paying for the service.

1Password also integrates very nicely with the Apple ecosystem, which makes my day-to-day life that much better.
 

zen

Original poster
Thanks for all the responses. I've gone ahead with 1Password, and 2FA wherever I can. So far, so good!
 

Tech198

My mate decided to pay $50 a year (about $3 per month)

The purpose of 2 Factor is to make it more secure as someone who is identifying is trustworthy by a code sent to their device(s), and there is still a 30 second window of opportunity...

eg. if you get a code, but choose not to use it straight away, someone else can...

Unlikely for this to happen with 30 seconds, but it can...

Compare that to a password manager (many also support TouchID), so that *guarantees* no one can access, if using a strong password... Just one strong password, no one can access your vault, which stores all your passwords.

Besides, not all websites use two factor... This is why password managers come in handy, and still maintain that security. To me, a password manager is actually better than 2FA, because I still reckon despite 2FA is extra level, it's subverting the fact people can use simple passwords "on top" of better security, e.g. having a simple password, but also having trusted device to authenticate with, whereas a password manager with a strong password is all that would be needed anyway, to achieve a better result.
 

AidenShaw

My company uses two layers of authentication, depending on the sensitivity of the application.

It's Active Directory based (even for Apples). The AD authentication is OK for low sensitivity apps. For higher sensitivity apps (like payroll, VPN access, ...) you need the AD credentials plus a 2FA token.

These aren't SMS text messages - too risky. Instead we have either little keyfob token generators, or a smartphone app that does the same thing. ( https://www.symitar.com/online-and-mobile/pages/symantec-hard-tokens.aspx )

My AWS accounts also require 2FA, using the smartphone apps.