0

I have come across many questions concerning what security benefit 2FA provide a password manager. (e.g. this question)

On the other hand, if I already use 2FA, why would I need a password manager? Won't I be notified if my (perhaps insecure) password becomes compromised? I.e. Someone cracking my password without being able to provide the second part of 2FA.

MSW
  • 1
  • 2
    *"Won't I be notified if my (perhaps insecure) password becomes compromised?"* - what has this to do with a password manager? A password manager is primarily used to protect many password with as (complex) passphrase and thus allows you to use complex passwords for many sites without remembering all of these. – Steffen Ullrich Jun 20 '21 at 18:30
  • 1
    You are assuming that 2FA will always be available and cannot be defeated or bypassed. Other than that, if you are not using a password manager, you are probably going to take the bad habit of reusing passwords, and the passwords may not be very strong. Since many sites do not offer 2FA you still have to maintain a sound password policy. – Kate Jun 20 '21 at 20:09
  • @SteffenUllrich Perhaps I asked the wrong question. Let's say I use 2FA for all my accounts. What is the point with having a complex password/phrase? Does it all come down to the availability of 2FA and it's security? – MSW Jun 20 '21 at 20:32
  • The reason I ask is that I recommended someone using a password manager. He then pointed out that he uses 2FA for everything of importance and that he cares for. Why would he need a password manager? I genuinely could not answer his question. Further, he made me wonder why I would need it, as I am generally in the same position. – MSW Jun 20 '21 at 20:45
  • 1
    Because "two-factor" authentication requires 2 factors. If you weaken one, you're back down to a single factor. The concept you are looking for is "defence-in-depth". i.e. "don't depend on a single layer of protection". – schroeder Jun 20 '21 at 23:30

0 Answers0