I don’t view it as simply compromised or not. How a password is compromised is relevant. The vast majority of issues aren’t somebody gaining access to your logged in machine. Passwords are nearly always compromised from a server mishandling data.
That means in most cases 2FA near a password is not likely to be an issue. I’m not saying I recommend it, but it does change the risk evaluation.
Peoples credentials are increasingly captured by information stealer malware, including attacks on Keepass. It’s not just services mishandling their data that people should consider as likely vectors.
I do agree about evaluation - it doesn’t matter much with stuff like a forum account that has 2FA, but I certainly wouldn’t put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It weakens your protection if something does go wrong.
I don’t view it as simply compromised or not. How a password is compromised is relevant. The vast majority of issues aren’t somebody gaining access to your logged in machine. Passwords are nearly always compromised from a server mishandling data.
That means in most cases 2FA near a password is not likely to be an issue. I’m not saying I recommend it, but it does change the risk evaluation.
Peoples credentials are increasingly captured by information stealer malware, including attacks on Keepass. It’s not just services mishandling their data that people should consider as likely vectors.
I do agree about evaluation - it doesn’t matter much with stuff like a forum account that has 2FA, but I certainly wouldn’t put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It weakens your protection if something does go wrong.