deleted by creator
There’s a balance between convenience and security and IMO storing both on 1Password is fine. An attacker getting into your 1PW account would require them having
-
your username
-
and your password (which should be unique to only 1PW)
-
and your secret key
-
or physical device access with your 1PW password or biometric auth credentials
in which case an attacker really wants your stuff, has your device, and you have bigger issues.
I feel like this is similar to saying “is your front door lock strong enough?” when a thief is at your door and really wants to get inside, regardless of level of effort required.
-
How hard is it to use a separate password manager and MFA app? I personally don’t keep any MFA codes in keychain because it’s not convenient to retrieve the passcode in most cases.
You’re posting this on an Apple forum so I have to ask: how is not convenient? If you use iCloud Keychain + Safari everywhere, it’s ridiculously convenient. I went through some contortions in order to migrate my Symantec VIP codes to iCloud Keychain just so I could have that sweet code integration.
I can’t use my 2FA codes on devices that aren’t connected to my Apple ID, my work devices use Apple Business Manager apple IDs. I have a PC I use for Sony Vegas, etc.
I’m on all the betas so I can’t be sure if it’s available to everyone but apple’s keychain gives you the option of using Authy or google chrome 2FA codes so, at least on Mac, your codes will auto-populate
