A few weeks ago, I dropped LastPass in favor of Bitwarden as my new main password manager. Overall, I like that Bitwarden is open source, I find its UI cleaner and faster on all platforms that I use and also the Premium plan is cheaper. Nice!

But soon I discovered one feature that really struck me - Bitwarden can store and generate one-time passwords for two-factor authentication! Whoah! This raises many questions and potentially some worries, too, immediately: should I use it? Is it safe enough? Read on!

I won't repeat here that two-factor authentication (2FA) is a good thing and why, I presume you already know that if you're reading this article and use it at least for your most critical accounts.

The typical scenario when signing in using a mobile app 2FA and a password manager is as follows:

1. you let the password manager fill out the sign-in form (some do it automatically upon page load) and submit the form.
2. find the corresponding code among all others.
3. and type the 6 digit number it shows you into the web sign-in form.

This process soon begins to feel quite cumbersome as you add more 2FA accounts and have to log in more often.

With the Bitwarden 2FA feature, things get much more convenient:

1. you press Ctrl+Shift+L to let Bitwarden fill out the sign-in form, and submit the form.
2. a fresh 2FA code (TOTP) is silently generated and copied to your clipboard.
3. you locate the 2FA code form field and press Ctrl+V to paste the code from clipboard.

And that's it, no need to deal with your phone and its 2FA app! How cool is that?

And, more importantly, how safe is that?

I should note now that the 2FA codes generation feature is available only in the Bitwarden Premium or Organization plans. The free plan only allows you to store the 2FA secret but not generate the one-time codes. You'll have to pay a few bucks to use this feature.

First things first: compared to the classic 2FA approach, storing your 2FA secrets and generating one-time codes in Bitwarden is most probably less secure. The whole point of 2FA is that you must use two separate means ("factors") for accessing your login information to sign in a service and this core requirement is not respected in Bitwarden 2FA because all that you'll need to access the complete login information is your master Bitwarden password. Technically speaking, this is not a 2FA any more but rather a "single-factor two-step authentication", you get your login info in two steps but from a single source.

OK, it's less safe, but is it safe enough for me?

If you are a publicly known person (who is more likely prone to targeted attacks) or are dealing with some highly sensitive information, I would never recommend using this feature. Find a security expert instead and listen to what they have to say to you.

But otherwise, I believe that yes, Bitwarden 2FA feature can be set up in a reasonably secure way for most people and most accounts. You can even leave the real 2FA setup in your phone for your most critical accounts and have Bitwarden take care of the others.