Bitwarden just launched a new authenticator app. Here’s what it means to users. | Bitwarden Blog
bitwarden.com
Storing 2FA codes is just the beginning. Bitwarden aims to add defense in depth to authentication.

Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

  • SuperFola@programming.devEnglish
    3·
    2 months ago

    Good luck getting your vault compromised.

    Unless you have a weak password or the vault isn’t encrypted (which it is, AES256 iirc and you might be able to change that on a self hosted version), I don’t see that happening.

    • sugar_in_your_tea@sh.itjust.worksEnglish
      3·
      2 months ago

      Most password manager hacks don’t attack the encryption or password themselves (my password is very long), they find/create a side channel. For example:

      • keylogger attack to grab password manager password
      • social engineering to reset a password
      • attack the server to intercept passwords

      Every secure system can be defeated, but it’s a lot less likely that two secure systems will be defeated at the same time. So I keep my passwords and second factors separate. It’s unlikely that either will be compromised, and incredibly unlikely that both will be compromised at the same time.