And seemingly reading beyond the headline is also not your thing.
This is a separate app unconnected to your bitwarden account…
Comment on Bitwarden has launched a new authenticator app
Evotech@lemmy.world 6 months ago
I’m not putting my totp with my password, same as I’m not putting my password with my email (proton)
Appoxo@lemmy.dbzer0.com 6 months ago
pitninja@lemmy.ml 6 months ago
Exactly, from a security perspective, it’s a bad idea to put 2 factor tokens together with your passwords. You effectively eliminate the security benefit that 2 factor provides if you do because if people get into your password manager, they have everything they need to access your accounts. The only people it helps having it all in one app are people who don’t understand the purpose of 2 factor and just see it as an inconvenience when services force it on them. Even though I use BitWarden for passwords, I don’t think that I’ll be changing from Aegis to BitWarden’s stand-alone authenticator because Aegis is doing its job nicely.
sugar_in_your_tea@sh.itjust.works 6 months ago
That’s also why I’m against the new passkeys. I think passkeys could replace either passwords or tokens, but not both.
million@lemmy.world 6 months ago
It really depends on your threat model. It’s not a one size fits all thing.
For instance in some threat models you shouldn’t have TOTP auth and passwords on the same device, let alone the same app, but the vast majority of people are not going to carry two devices because of how inconvenient it is.
rolling_resistance@lemmy.world 6 months ago
It’s a separate app with no sync to Bitwarden accounts.
Evotech@lemmy.world 6 months ago
Still, I bet they share a lot of the same backend and personell.
Appoxo@lemmy.dbzer0.com 6 months ago
personell doesmt matter as it’s zero knowledge?