I am (was?) one of those. Working on eliminating or changing the passwords and emails of my 550+ accounts. I’m creating a simplelogin email for each of the ones I’m keeping, setting up a randomly generated password for each as well (24+ characters long with every possible character available), trying to delete the accounts of services I don’t want/need anymore, and then setting up 2fa on Aegis if they don’t accept a hardware tokens.
But it’s an intense and long process, though absolutely worth it. With work and personal life, I’m guessing I can be done in a couple of weeks.
theherk@lemmy.world 4 days ago
I don’t view it as simply compromised or not. How a password is compromised is relevant. The vast majority of issues aren’t somebody gaining access to your logged in machine. Passwords are nearly always compromised from a server mishandling data.
That means in most cases 2FA near a password is not likely to be an issue. I’m not saying I recommend it, but it does change the risk evaluation.
pulsewidth@lemmy.world 2 days ago
Peoples credentials are increasingly captured by information stealer malware, including attacks on Keepass. It’s not just services mishandling their data that people should consider as likely vectors.
I do agree about evaluation - it doesn’t matter much with stuff like a forum account that has 2FA, but I certainly wouldn’t put any of my banking or key account 2FA backup codes or credentials in a password manager or central account/password storage service. It weakens your protection if something does go wrong.