Why do password managers charge for TOTP code generation? - eviltoast

Is this some sort of a convenience feature hidden behind a paywall to justify purchasing their subscriptions or does generating the codes actually cost money? If the latter is the case, how do applications like Aegis do it free of cost?

  • beeb@lemm.ee · 35 upvotes · 1 year ago

    The reason that 2FA exists is not to protect you if someone gets their hands on your device. It’s to protect you if your “static” credentials leaked from a provider’s database or you otherwise got phished. Using a password manager to handle MFA is totally reasonable.

    • 4am@lemm.ee · 10 upvotes · 1 year ago

      If you are really worried about the password manager being an intrusion vector, secure your vault with a hardware key.

      • Acters@lemmy.world · 4 upvotes, 1 downvote · 1 year ago

        You can be paranoid and split the two, but most people (99%) will be perfectly fine with KeePass.

    • ddnomad@infosec.pub · 1 upvote · 1 year ago

      It is reasonable yet subpar under a threat model where you do not trust any single provider, which is a model I find appropriate most of the time.

    • Amju Wolf@pawb.social · 1 upvote · 1 year ago

      There are other ways your password database could leak. For example, you could use a weak password, or it could leak in some way, and if you store it on a cloud service that also got compromised, you’d be fucked without a compromised device.

      But yeah, all these are much less likely.