Securing online accounts
Over the years I’ve used a variety of ways to generate and secure
passwords for online accounts. Bitwarden now has passkey support. If
passkeys are synced through the cloud, their security reduces to the
security of the sync account that holds them; what remains is that each
passkey is still a per-site key pair, so unlike a password it cannot be
phished, reused, or replayed from a breached site. I like the concept of
hardware-backed 2FA keys but I worry about hardware failure over the
long run.
My current setup is as follows:
- Bitwarden
- Microsoft Authenticator for iOS
- Authy (Twilio) for iOS
- YubiKey 5C Nano
- Okta Verify (for work accounts)
- Biometric passkey: macOS Touch ID
- Biometric passkey: iPhone Face ID
- …other methods?
Too many ways, and it gets confusing. I have to ‘remember’ which 2FA
method each account uses because I’m spread across all of them. I want
to simplify my setup so that it comes down to the following:
- Prefer passkeys when possible.
- Otherwise use a randomly generated password plus 2FA. For every
account that uses 2FA, download and print the backup codes and keep
them somewhere that does not depend on the phone or the password
manager.
- All passwords and passkeys are stored in Bitwarden.
- For 2FA use Microsoft Authenticator. Why? Because I don’t trust
Google and other companies to continue supporting a tool that doesn’t
generate any direct revenue for them.
- Protect Bitwarden itself using 2FA, with a second factor that is not
stored inside Bitwarden (otherwise losing the vault also loses the
factor needed to get back into it).
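A point worth seeing in code, as an added illustration that is not part of the original notes and is not Bitwarden’s or Microsoft Authenticator’s own code: the six-digit code an authenticator app shows is computed deterministically from the base32 seed in the enrollment QR code (RFC 6238 TOTP over RFC 4226 HOTP), so the seed, not the app, is what has to be backed up or migrated if an app is discontinued. The script below generates a random password, implements TOTP, verifies a code with a small clock-skew window, and checks itself against the RFC 6238 SHA-1 test vector. The backup-code generator and its hashing scheme are constructed for the example; the seed used in `main` is the RFC test key, not a real one.

```python
import base64
import hashlib
import hmac
import secrets
import string
import struct
import time

# RFC 6238 test key "12345678901234567890" in base32 (a published test vector, not a real seed)
RFC6238_TEST_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def generate_password(length: int = 24) -> str:
    """Random password from a CSPRNG, the way a password manager would generate one."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def decode_seed(base32_seed: str) -> bytes:
    """Base32 seed as it appears in an otpauth:// URI; tolerate spaces, lowercase, missing padding."""
    s = base32_seed.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s, casefold=True)


def totp(base32_seed: str, at: int = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    now = int(time.time()) if at is None else int(at)
    return hotp(decode_seed(base32_seed), now // step, digits)


def verify_totp(base32_seed: str, code: str, at: int = None, window: int = 1, step: int = 30) -> bool:
    """Accept the current step plus/minus `window` steps to absorb clock skew; constant-time compare."""
    now = int(time.time()) if at is None else int(at)
    key = decode_seed(base32_seed)
    ok = False
    for delta in range(-window, window + 1):
        candidate = hotp(key, now // step + delta, len(code))
        # no early return, so timing does not reveal which step matched
        ok |= hmac.compare_digest(candidate, code)
    return ok


def generate_backup_codes(count: int = 10) -> list:
    """Constructed example: 10 single-use codes of 10 hex digits (40 bits each), printable as xxxxx-xxxxx."""
    codes = []
    for _ in range(count):
        raw = secrets.token_hex(5)
        codes.append(raw[:5] + "-" + raw[5:])
    return codes


def hash_backup_code(code: str) -> str:
    """How a site could store a backup code: SHA-256 is enough because the code itself is high-entropy and random."""
    return hashlib.sha256(code.replace("-", "").encode()).hexdigest()


def main() -> None:
    print("password:", generate_password())
    # RFC 6238 Appendix B: at t=59 the SHA-1 TOTP is 94287082 (8 digits), i.e. 287082 (6 digits)
    print("totp @59:", totp(RFC6238_TEST_SEED, at=59, digits=8))
    print("backup codes:", generate_backup_codes(3))


if __name__ == "__main__":
    main()
```

If a new authenticator app ever has to take over, re-enrolling each account is only necessary when the original seed was never exported; the verification window above is also why an authenticator whose clock drifts by more than about 30 seconds starts producing codes the site rejects.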
Some accounts need some extra thinking:
Microsoft Account
Microsoft accounts now allow passwordless login, so that’s a good
option:
- Password-less account
- Microsoft Authenticator 2FA
Google Account
Apple Account