Ask HN: How do you structure your password manager and TOTP email accounts?
Currently the email account I use for my Bitwarden account is the same as the one I use for my Authy account. In addition, password for the Authy account is in the Bitwarden account and 2FA for the Bitwarden account is in that Authy account. This seems like a circular dependency and a disaster waiting to happen.
I am thinking this is how I should structure it:
Email (E1) for the Bitwarden account (B1).
preferably this is a paid email like protonmail/fastmail
Email (E2) for the Authy account (A1) that has only B1 TOTP added.
preferably this is a paid email like protonmail/fastmail
Email (E3) or my critical accounts like banks and other financial institutions
preferably this is a paid email like protonmail/fastmail
password for this email account as well as the financial accounts are stored in B1
Email (E4) for all other non-critical logins
This can be a Google account
Password for this email as well as the other accounts are stored in B1
Email (E5) for another Authy Account (A2) to store TOP for all accounts created in E3 and E4
Passwords for E1, E2, B1, A1 and A2 are never stored in any digital medium
At most it will be in a physical form at my home
How are other people who like to go that extra distance structuring theirs?
I personally would not like the complexity of one Bitwarden account, two Authy accounts, and five email accounts! I wonder if your current desire to "go that extra distance" now would fade, and in the future the complexity of your proposed structure would lead to problems.
You are correct; that certainly is possible - this setup was my engineer's instincts for maximum modularity and separation.
My ideal password manager and TOTP account feature would have been something that allows a random username as the account key and does not require any email. That would have cut down the emails to only 2.
But all these password managers and 2FA accounts require email - I would have guessed random username would be harder to crack and would be better anonymized.