19
A pentester told me my password manager setup was garbage. He was right.
I used to save all my passwords in Bitwarden with the same master password and called it good. Last month a guy at a local meetup in Austin asked if I had 2FA turned on and I said no. He showed me how easy it was to export my whole vault if someone got my master password. I changed my master password to something long and random and set up TOTP with Authy. Now I also use passkeys for sites that support them. Anyone else skip basic stuff like 2FA for way too long?
2 comments
Log in to join the discussion
Log In2 Comments
barbara96711d agoMost Upvoted
A buddy of mine did this exact thing, kept everything in a single password vault with no 2FA for years. His account got phished at a Starbucks and someone wiped his entire crypto balance before he even realized what happened. He still gets mad whenever he hears someone say their setup is fine without 2FA.
10