T
19

A pentester told me my password manager setup was garbage. He was right.

I used to save all my passwords in Bitwarden with the same master password and called it good. Last month a guy at a local meetup in Austin asked if I had 2FA turned on and I said no. He showed me how easy it was to export my whole vault if someone got my master password. I changed my master password to something long and random and set up TOTP with Authy. Now I also use passkeys for sites that support them. Anyone else skip basic stuff like 2FA for way too long?
2 comments

Log in to join the discussion

Log In
2 Comments
barbara967
barbara96711d ago
A buddy of mine did this exact thing, kept everything in a single password vault with no 2FA for years. His account got phished at a Starbucks and someone wiped his entire crypto balance before he even realized what happened. He still gets mad whenever he hears someone say their setup is fine without 2FA.
10
cameron_palmer
Damn, that Austin guy probably saved you from a real headache later.
4