Welcome to Admin Junkies, Guest — join our community!

Register or log in to explore all our content and services for free on Admin Junkies.

Do you use one password for all your accounts?

Advertisement Placeholder
Can't speak for it outside of a business context, but at work we definitely use features like the ones you're describing.

(I've never tried it in a home context to add meta data.)
I really wish some of them would build in 2FA ability directly so you don't have to go to an outside program to obtain that function.
 
I really wish some of them would build in 2FA ability directly so you don't have to go to an outside program to obtain that function.
I fully agree with this.
 
1Pass has this for some sites in fact, if the site supports the integration.
From looking at their site, it's still done as a separate option in the login location you create? That's what I'm talking about, if you create a login entry and have 2FA enabled, in that very entry it should also show the current 2FA code. Their site (from my brief look) wasn't very clear on that.
What I reference is when you pull up the actual entry itself, in addition to all our login info, it directly shows a 2FA code there. Their "image" that they show it in is not really clear... if so, kudos to them... more need to do the same.
 
Yes, in that very entry it shows the current 2FA code if properly set up to do so. The fact that this makes it not really 2FA any more is entirely a side concern.
As I edited for above, more need to do so. I personally choose NOT to use 1Pass/1Password.
Have they actually allowed the creation of custom templates on the non-business plan? This is a BIG issue for me personally as I don't want multiple apps to create information in. Last time I checked they ONLY allowed you to edit existing templates on their non-business plan.
 
I don't know, since I don't have a non-business plan.

Look, you have an app you're happy with. Stick to it, move on with your life.
You butt-hurt or something?
Simple fact is... some of us actually need more than "simple pre-defined templates". I'm actually curious if 1Password actually allows that ability on a consumer plan compared to a "business" plan. The business plan is $8USD a month.
I KNOW that mSecure allows the creation of custom templates.... BUT they don't have 2FA enabled in their app. but they should. You have issues with questions?
 
No, just bored of you recycling the same points over and over. Yes, we get it that you need more than pre-defined templates. Most people don't. You found a solution to your problem, you shared it, yet you keep going on about whether a different tool would solve your problem - but it's honestly not a problem most people actually have.

I do have an issue with the fact you're willing to turn actual 2FA into potentially 1FA but that's a different problem unless you're 2FA'ing into mSecure.
 
No, just bored of you recycling the same points over and over. Yes, we get it that you need more than pre-defined templates. Most people don't. You found a solution to your problem, you shared it, yet you keep going on about whether a different tool would solve your problem - but it's honestly not a problem most people actually have.

I do have an issue with the fact you're willing to turn actual 2FA into potentially 1FA but that's a different problem unless you're 2FA'ing into mSecure.
Dream on youngster... the simple fact is... to get custom templates you apparently have to pay $8USD a month to 1Pass... granted, not many need custom templates. but for those of us who actually DO it's a necessary point of data, the simple fact that YOU may not need it does not belay that fact.
And NO, mSecure does NOT offer that ability upon ANY of their tiers... but the simple fact remains that ANY of the password keeper developers SHOULD offer that ability.
I really get tickled at how you regularly trend to comport to certain points I've made by try to deny! 🤣
The simple facts are.. you have to pay more to 1Pass/Password to get the ability to create custom templates (a monthly recurring fee apparently).
mSecure offers that as base in their basic price.
1Pass offers 2FA in their implementation.
mSecure does not.
ALL password programs SHOULD offer 2FA in their app as a login template creation option.
How much simpler than that can it be?
 
Given that the average user only secures their password manager with a password, you'd be making everything a single point of failure with 1FA if you routed the 2FA into the password manager.

Especially given how many people typically also use worse passwords on the password manager than they should because they'll be typing it a lot each day... but sure, you go have fun feeling all superior because you told someone on the internet that they were wrong.
 
Given that the average user only secures their password manager with a password, you'd be making everything a single point of failure with 1FA if you routed the 2FA into the password manager.

Especially given how many people typically also use worse passwords on the password manager than they should because they'll be typing it a lot each day... but sure, you go have fun feeling all superior because you told someone on the internet that they were wrong.
Errr...you KNOW how 2FA works, correct? EVERY login would have the same ability as normal for the password manager, then top it with a standalone 2FA application.
There is NO 1FA involved... you have individual accounts for EVERY login (with their own passwords), and they EACH have SEPARATE 2FA codes. Use of those by a web browser MAY enter your password from the app... but then the app would provide you with the 2FA to MANUALLY enter when the site prompts for it. There reaches a point where automation can equate to stupidity in action.
The simple matter is that ANY password program/app worth it's salt has sufficient encryption already enabled on those base accounts/entries.
I think you actually have a problem with understanding how using a password manager (and allowing it to create individual passwords) and then topping 2FA onto that where it actually works by showing for a MANUAL entry? Do you mayhap limit the use of the app to your limited use of it? Are you conflating passwords with 2FA by chance?
 
Last edited:
Let me try to spell it out for you.

Most people log into the password manager with a password and nothing more. This is not 2FA because you have username (something you know) and password (something you know). This gives them access to all the passwords therein.

You're asking for the individual logins (which are individual instances of 1FA) that have an authentication code (which makes it 2FA, because it's now something-you-know plus something-you-have)) be displayed in the same place as the rest of the information, or even auto-entered for you potentially.

Which means that you accessing a given site on the password manager has a *total* security of 1FA because it doesn't matter about the bit between the password manager and whatever other site, that could be any number of things, SSH keys, MFA tokens, whatever - if you can get to that point with only giving a single password yourself, that's the limit of the security on the system.

You essentially have a safe with all the keys to all the things in it for everything else - but if that safe is only secured by the kind of key that opens tiny travel padlocks, that's the limit of your security, plain and simple.


Now, if you're telling me that you have 2FA to get to your password manager... then there's no problem. But most people don't.
 
Most people log into the password manager with a password and nothing more. This is not 2FA because you have username (something you know) and password (something you know). This gives them access to all the passwords therein.
And let ME spell it out for YOU.
Some of us would rather have the ability to do MORE than simple password management in one app. We aren't fans of having multiple apps to do singular things... we actually would prefer to consolidate that ability into ONE app. In fact, in MANY cases the data entered should NOT be easily available, but a central repository for it adds to efficiency. Further, ANY app that "automates" the entry of 2FA when prompted negates the function and should be avoided... that's why it should be "password entered automatically, 2FA provided for manual entry".
If someone has hacked your password app to the point to allow them to that access level.. then shame on you, you simply used a simplistic, idiotic password. It's a PITA to enter the password for my password manager, as it's a 20 character entry, but for security I do so.

I can easily see that you FAIL to understand what is being discussed... if someone already has your password to your app, you are generally screwed as most likely they have access to other information on your system. To break the standard 256 bit encryption used by the majority of those apps would take on average of a million years. You REALLY think that folks are going to pursue that for access to a simple password app.
Now, if you use stupid passwords like your DOB, the name of your spouse, the word "woof dog" in honor of your pet or any of those other simplistic stupid passwords... that's not an issue with the app.. it's simply a user issue.

Now, if you're telling me that you have 2FA to get to your password manager... then there's no problem. But most people don't.
Ahhhh.. the ignorance of those with a limited mind-set. We are NOT talking about using 2FA to enter your password app. One would HOPE that anyone of minimalistic competency would have an adequate password to enter their password manager.

The simple fact is, it would be a BENEFIT to add 2FA into login credentials in an app.... and MOST of those quality apps are secured by 256bit encryption (once more to repeat... a million years ring a bell?) I'm NOT talking about using 2FA to enter the app itself, but to integrate it into login credential templates - which 1Pass currently does, but others do not. 1Pass/Password is limited on extending their app to truly customized templates unless you are willing to pay $8 a month to them. Meanwhile other apps allow customized templates, but they fail on the 2FA integration. Six of one, half a dozen of another.
Many of us that have been in the field for many years would prefer access to an app that allows (big word coming up that may be difficult to understand for some) consolidation of information into ONE app. You ever hear of the word "efficiency"? It would be a great boon if they also offered the ability to include a 2FA factor into their "login" templates. Currently the only one that does is 1Pass/Password.... but they limit customization ability to a a higher tier. As I said previously.. it would be NICE if others offered 2FA into their apps.
 
Last edited:
One would HOPE that anyone of minimalistic competency would have an adequate password to enter their password manager.
Most don't, though, as the LastPass hack proved.

But if you can log into the password manager with just a password and the password manager does the 2FA for you... you don't *really* have 2FA on those accounts - you now have a single point of failure everywhere.
 
Most don't, though, as the LastPass hack proved.
Can't help (and really don't care) what others do. We are talking basic functionality that would benefit those of us who actually DO proper security.
But if you can log into the password manager with just a password and the password manager does the 2FA for you... you don't *really* have 2FA on those accounts - you now have a single point of failure everywhere.
Errr.... remind us, exactly HOW many of those 2FA apps actually require a "password" to log in? Yes, I DO use face ID on many of mine, but that is an ELECTED option, not default. You use Google Authenticator and by default you can long DIRECTLY into it.
Of course, one could "require" 2FA to enter an app... but by the same token, one could require fax submission from a known telephone number utilizing known ID credentials to do the same (do you even remember sites that required you to submit forms PROVING you were over a certain age?). OR, the actual user could use a secure password and not have to worry about someone figuring out that their password is "Sam" after posting the name of their dog on FB, or the name of their spouse or their anniversary or DOB or any of the other typically STUPID passwords that the lazy use.
There reaches a point of stupidity that can't be overcome by software.
It is NOT the duty of the app provider to make sure the end user uses adequate credentials.... but you seem to want to push that off on them instead of putting it where it should actually lay, the actual end user. You use crap passwords and get hacked... that is TOTALLY on you.
The reality is, you use crap passwords, you get cracked. You use adequate passwords, odds are you don't. But you simply PROVE a point that I've made in the past... society is lazy and complacent and would rather not take responsibility for their actions (or their poor choices), choosing to point to others for THEIR failures.
Instead of looking at a particular subsection, some of us actually take the totality of need into consideration. It's a fault I've found with many in my dealings. They tend to fixate on THEIR needs, and don't take into consideration the need overall (and here-in you simply prove that point).
 
Last edited:

Log in or register to unlock full forum benefits!

Log in or register to unlock full forum benefits!

Register

Register on Admin Junkies completely free.

Register now
Log in

If you have an account, please log in

Log in
Who read this thread (Total readers: 0)
No registered users viewing this thread.

Would You Rather #9

  • Start a forum in a popular but highly competitive niche

    Votes: 9 27.3%
  • Initiate a forum within a limited-known niche with zero competition

    Votes: 24 72.7%
Win this space by entering the Website of The Month Contest

Theme editor

Theme customizations

Graphic Backgrounds

Granite Backgrounds