I agree for the most part but it doesn’t entirely defeat the purpose. If someone got a hold of your password for a website it would still protect you. And let’s be honest, that’s the most likely scenario. But yes if someone got into your password manager then it’s completely game over. A scenario where having a separate 2fa device would still protect you.
I feel like that defeats the purpose of 2fa.
I agree for the most part but it doesn’t entirely defeat the purpose. If someone got a hold of your password for a website it would still protect you. And let’s be honest, that’s the most likely scenario. But yes if someone got into your password manager then it’s completely game over. A scenario where having a separate 2fa device would still protect you.
It definitely defeats the purpose. If you store them together there’s only one factor!
Things you know, have, or are.
It just becomes two things you know.
Password managers do have two factors: the vault (have) and the master password (know).