this post was submitted on 01 May 2024
512 points (97.4% liked)

Technology

59534 readers
3195 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

you are viewing a single comment's thread
view the rest of the comments
[–] Evotech@lemmy.world 6 points 6 months ago (7 children)

I'm not putting my totp with my password, same as I'm not putting my password with my email (proton)

[–] pitninja@lemmy.ml 3 points 6 months ago* (last edited 6 months ago) (2 children)

Exactly, from a security perspective, it's a bad idea to put 2 factor tokens together with your passwords. You effectively eliminate the security benefit that 2 factor provides if you do because if people get into your password manager, they have everything they need to access your accounts. The only people it "helps" having it all in one app are people who don't understand the purpose of 2 factor and just see it as an inconvenience when services force it on them. Even though I use BitWarden for passwords, I don't think that I'll be changing from Aegis to BitWarden's stand-alone authenticator because Aegis is doing its job nicely.

[–] sugar_in_your_tea@sh.itjust.works 3 points 6 months ago* (last edited 6 months ago)

That's also part of why I'm against the new passkeys. I think passkeys could replace either passwords or tokens, but not both.

[–] million@lemmy.world 1 points 6 months ago

It really depends on your threat model. It’s not a one size fits all thing.

For instance in some threat models you shouldn't have TOTP auth and passwords on the same device, let alone the same app, but the vast majority of people are not going to carry two devices because of how inconvenient it is.

load more comments (4 replies)