A man-in-the-middle attack would also collect your credentials without having access to your password database.Ī better solution would be to keep your 2FA generation/reset codes in a separate password database, locked with a password kept in your primary one and stored in a separate location. It's not a common scenario, but a script kiddy might get keylogger software while not having the technical skill to find and steal your password database. In a scenario where the attacker can monitor your keystrokes or the credentials you're sending to the website but not download your password database, they would not be able to logon to your account with 2FA enabled because they wouldn't be able to determine your seed/reset code. For any service outside the cloud this should be fine.Yes, there is a slight security gain from having two-factor authentication (2FA) enabled on a site even when you store the 2FA generation/reset code in your password manager. start with a password manager (I will suggest ). I even found that it can manage my credentials for.Īsk HN: Secure and simple way for secret/credential management in a startup? It also manages my SSH keys and adds them to the ssh-agent, even on Windows. Kepassium makes it available on iOS, and Keepass2Android makes it available on Android. It syncs between my devices using Dropbox. I use KeepassXC password manager, it keeps my TOTP information and makes it available to use on all my devices. Ask HN: How do you start over with 2FA and losing your phone?.If I SSH to UDM and perform traceroute, everything seems good: Some websites inaccessible from network, accessible while SSH to UDMSE Read this with 1pw meaning was confusing lol. , had no issues.ĭo you use a password manager (or another tool) to save any financial data such as login information? Funny enough, subdomains, such as support. If I SSH to the router and perform traceroute directly to, it successfully made the full trip. In other cases, specifically, the request would make it to the router, but the router couldn't return back to anything in the network. UDM SE factory reset + initial setup forces autoupdate