{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreihl5v2qmef2ola53ppfgocwrep45vj3pm2lqgyfhksj43fcfzgjyy",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mlgw7jggqk42"
},
"path": "/t/threat-models-for-storing-passwords-totp-and-passkeys-in-a-single-password-manager/37761#post_5",
"publishedAt": "2026-05-09T18:27:58.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"security keys"
],
"textContent": "TheDoc:\n\n> Off-topic but if these are your only 2 copies I strongly suggest creating a third backup on a flash drive stored somewhere away from your home.\n\nThanks for the heads up, I’ll for sure do that.\n\nTheDoc:\n\n> If instead you stored your passkeys on actual hardware (smartphone or security keys) malware generally shouldn’t be able to retrieve your private key.\n\nThat’s if I store the passkeys on devices separate from my iPhone (like a YubiKey), but if my passkeys are stored in Apple’s password manager on my phone then malware can get the secret, couldn’t it?\n\nTheDoc:\n\n> Similar to passkeys stored on hardware, they can sit in as a MITM on your laptop but lack the actual secrets (stored on iPhone, YubiKey, etc) to gain persistent access to your accounts thus making the account compromise temporary.\n\nI see, so I guess I confused temporary access with permanent access. Now I’m wondering if I should sacrifice the convenience of having all credentials in a single database or separate them (passwords in `.kdbx`, TOTP in Ente Auth on iPhone, and passkeys on iPhone) for a feeling of increased security (I don’t know how likely it is for my computer to get compromised).\n\nI was thinking of getting a physical key, but it seems like a pain to always keep it in hand and make sure to have backup copies and so on. Also, sadly my phone doesn’t have USB-C, so I can’t even use it on both PC and phone.",
"title": "Threat models for storing passwords, TOTP and passkeys in a single password manager?"
}