Is this some sort of a convenience feature hidden behind a paywall to justify purchasing their subscriptions or does generating the codes actually cost money? If the latter is the case, how do applications like Aegis do it free of cost?

  • Amju Wolf@pawb.social
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    You are only at a 1FA level if someone hacked your PW-Manager but in that instance you’re most likely fucked anyway

    As long as you at least have actual, separate 2FA for access to your recovery email(s) you should be more or less fine.

    Unless you mean that if your password manager is compromised it probably means that your device is compromised, which also means that you’re probably also a victim to a session hijack for the recovery email(s), in which case you are truly fucked.

    You can also have a multi-level approach where for “higher value” accounts you have a separate password database so the more valuable accounts aren’t exposed as much as everything else… There are definitely options.