
Ask HN: Do you use your password manager to generate MFA codes? - satyenr
Certain password managers like 1Password offer the ability to generate MFA tokens within the same app. While that is certainly convenient, doesn’t it defeat the purpose of MFA altogether?

I have found some posts[1][2] indicating that it may not be as risky as I think, BUT I wonder if there is more to the story. Thoughts?

[1] https://blog.1password.com/totp-for-1password-users/

[2] https://security.stackexchange.com/questions/194142/is-it-safe-to-store-2fa-tokens-together-with-passwords-in-1password

PS. Let’s stick to software tokens for the purpose of this discussion and not debate physical vs software token generators.
======
bradknowles
I use 1Password for personal things, but in trying to set up a shared solution
with my wife, I have found that they are not as well suited for group use.
They’re getting better, but they’re still not there.

My employer uses LastPass Enterprise, and I’ve helped manage that part of the
system for years. In my experience, LastPass is more clunky for things done
outside the browser, but they have better browser integration than 1Password.
LastPass is also much better suited in an Enterprise environment.

Many people at work use various tools for creating MFA tokens, including
Authy, the Google Authenticator app, the Microsoft Authenticator app, etc.,
but I primarily use the LastPass Authenticator app.

I have not made any attempt to use 1Password for personal MFA purposes. I am
not at all convinced it is well suited to that role, either.

~~~
satyenr
Doesn’t LastPass Authenticator suffer from the same problem? If I understand
correctly, they store the MFA secret in the same account — meaning if your
LastPass vault is breached somehow, so is your MFA.

