BitWarden has a desktop extension and it also handles 2FA. No reason to be using a password, which is way less secure and can be extracted from a website DB via a hack.
In practice, yes. IF IMPLEMENTED PROPERLY it would be extremely unlikely for an attacker to get in.
For example with a proper implementation of TOTP it would require an attacker to guess the correct number between 1 and a million in less than a minute. Most services make you wait a little bit (often less than humans notice) between attempts and don’t allow infinite attempts, so an attacker would have to be unimaginably lucky.
There are sadly lots of huge companies that DON’T IMPLEMENT 2FA PROPERLY. Sony Entertainment (account for PlayStation) for example. So a unique and long password is still important.
BitWarden has a desktop extension and it also handles 2FA. No reason to be using a password, which is way less secure and can be extracted from a website DB via a hack.
Doesn’t the 2FA protect users still, if they only got the password?
In practice, yes. IF IMPLEMENTED PROPERLY it would be extremely unlikely for an attacker to get in.
For example with a proper implementation of TOTP it would require an attacker to guess the correct number between 1 and a million in less than a minute. Most services make you wait a little bit (often less than humans notice) between attempts and don’t allow infinite attempts, so an attacker would have to be unimaginably lucky.
There are sadly lots of huge companies that DON’T IMPLEMENT 2FA PROPERLY. Sony Entertainment (account for PlayStation) for example. So a unique and long password is still important.