the boss could technically read anything we wrote
My old work actually ran into some issues because they couldn’t see DMs/private channels.
Maybe this is a cloud vs. self-hosted thing? It’s been a few years since I’ve worked there though.
I’d also imagine at least part of it is the same as how normal people seem to think ADHD people with amphetamine prescriptions are just constantly high.
They don’t realize that whatever good feelings they’re getting from taking 100mg of amphetamines at once don’t apply at all to people chronically on small extended doses.
It still defends against one failure mode (the website gets hacked but you’re ok) but yeah, obviously if you get hacked and the hacker knows how to get your vault out then you’re 100% screwed.
My suggestion is always hardware 2FA, even though it’s not as mature as the other systems. Personally I have two Yubikeys (in case one breaks/gets lost) but it does mean that I need to add TOTPs to both of them each time I add a new 2FA.
There’s a PR open (https://codeberg.org/Kbin/kbin-core/pulls/214) but I’m assuming Ernest has a million other things going on right now too.