mirror of https://github.com/privacyguides/privacyguides.org.git
synced 2025-11-03 21:07:55 +00:00

	Clarify password manager and TOTP storage (#1810)
Signed-off-by: Daniel Gray <dng@disroot.org>
committed by Daniel Gray
parent 02c65f45e3
commit faf6d34ec1

			@@ -100,7 +100,11 @@ There are many good options to choose from, both cloud-based and local. Choose o
 | 
			
		||||
 | 
			
		||||
!!! Warning "Don't place your passwords and TOTP tokens inside the same password manager"
 | 
			
		||||
 | 
			
		||||
    If you're using TOTP as a [multi-factor authentication](../multi-factor-authentication.md) method for any of your accounts, do not store these tokens, any backup codes for them, or the TOTP secrets themselves in your password manager, as that negates the benefit of multi-factor authentication. You should use a dedicated [TOTP app](../multi-factor-authentication.md#authenticator-apps) instead.
 | 
			
		||||
    When using TOTP codes as [multi-factor authentication](../multi-factor-authentication.md), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md#authenticator-apps).
 | 
			
		||||
 | 
			
		||||
    Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
 | 
			
		||||
 | 
			
		||||
    Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device.
 | 
			
		||||
 | 
			
		||||
### Backups
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
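Review bot: The warning title "Don't place your passwords and TOTP tokens inside the same password manager" remains an absolute prohibition, while the paragraph beginning "When using TOTP codes" now frames separation only as "the best security practice", so the title and body disagree on how strong the advice is; reword one to match the other. The replacement text also alternates between "TOTP codes" and "TOTP tokens" and no longer names the TOTP secrets, which the paragraph beginning "If you're using TOTP" listed explicitly. What an authenticator app actually holds is the shared secret, so pick one term and say that the secret is what should live outside the password manager. In the last paragraph, "stored separately such as in" needs a comma after "separately".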