> Why are we developing systems that use TOTP if we are encouraging users to treat them like passwords, undoing the vast majority of the security benefit?

Better advice would be "treat them like passwords, but keep them encrypted separately from your password manager."
You shouldn't need to restore your TOTP secrets to your phone more than once every couple years, so there isn't any reason for you to have access to them 20 times a day.