> The attacker already had access to my Gmail, Drive, Photos — and my Google Authenticator codes, because Google had cloud-synced my codes.

Don't do that. Don't put your 2FAs somewhere else than in an unsynched app. Not in Bitwarden, not in any online account, nowhere else than "Something you have".

▲

gip 5 days ago | parent [-]

Just wondering what is the plan in case this thing you have gets lost?

And would you say that using something like authy with encryption using a totally unique password is safe?

▲

cbdumas 5 days ago | parent [-]

Typically you print out recovery codes and keep them somewhere safe

	▲	fsckboy 4 days ago \| parent [-]
		most thefts are inside jobs, so somewhere safe would be to give them to a total stranger