2fa vs Delete Cookies on exit

Which one would you recommend focusing on, because it is extremely annoying and time-consuming to do both?

If I just delete cookies on exit, I can use a password manager to fill in accounts but compromise on security.

If I just use 2fa I would then in turn compromise on privacy.

Also, putting the TOTP code in the password manager defeats the entire point of 2fa.

Why do you think 2fa compromises your privacy?

Delete cookies on exit should be automatic, and 2fa usually takes a few seconds. I am having a hard time understanding what the issue is or how these two things are competing with each other.

There is a very small increased risk when you do this but, in theory, your password manager is also protected by a high entropy password and 2fa. This is typically a threat modeling issue, where people are making things less convenient for themselves even if their threat model does not warrant it.

1 Like

It still protects you from password breaches and most phishing attempts. I think it’s a good compromise. Delete your cookies and log in with 2FA TOTP in your PW manager.

1 Like

If I understand correctly, the trade-off here is deleting cookies but not using 2FA vs using 2FA but not deleting cookies, as deleting cookies would log you out & using 2FA repeatedly is time-consuming.

Which one would you recommend focusing on

2FA

If I just use 2fa I would then in turn compromise on privacy.

You’re logged in to an account. All activity is tracked and associated with you anyway and persists cookie deletion.

Also putting the TOTP code in the password manager defeats the entire point of 2fa

The point of 2FA (or 2SV, and ignoring phishing-resistant variants) is that there is a 2nd factor in case the 1st is compromised. For example, poor password practices such as reusing passwords. As mentioned by others, it is technically less secure (but so is storing the authenticator codes/app on the same device as the password manager) but the main benefit of a unique random high-entropy authentication factor is still there.

Keep 2FA on and turn off cookie deletion for specific sites where it’s bothersome - i.e. websites that you visit frequently and always want to be logged in.

Do both. Usability will be a bit annoying but at the end of the day, the only tradeoff is a few seconds of your time.

Alternatively, you can also just use different browsers (or Firefox containers) for your browsing activities.

1 Like