this post was submitted on 01 May 2024
512 points (97.4% liked)
Technology
59402 readers
2603 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Correct me if I am wrong, but the Bitwarden client itself already does this. I store several of my TOTP's in my self hosted Vaultwarden/Bitwarden install.
You’re right, it does. This is a head-scratcher.
I guess they already had the TOTP code written, so creating a standalone app was trivial, but what’s the point?
Security-wise it’s not a good idea to keep passwords and 2FA codes in the same client as it then becomes a single point of failure. A standalone authenticator app resolves that as long as it’s not unlocked with the same master password. A standalone app also opens a venue for non-BW customers to get on their platform.
It's not a good idea to keep both on the same device, but i wouldn't use it at all if it was a struggle
Would it count if the application is the same but all the TOTP is handled by a different database with a different passphrase?
Depends on how they got broken