• Allero
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    4 months ago

    Yep, and Vaultwarden too!

    Though the most secure practice is to store them separately.

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      The most secure practice for any high-value accounts (email etc) is to use WebAuthn with a hardware key like a Yubikey.

      TOTP is still vulnerable to phishing (a fake login page can ask for both a password and a TOTP code) so business/corporate environments are moving away from them.

      • Allero
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Sure, hardware keys are superior!

        I’m only talking about best practtices when using TOTPs in particular.