pitninja

@pitninja@lemmy.ml

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Bitwarden has launched a new authenticator app⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
That may have been part of the reason, but the theory behind MFA is that there are 3 primary ways to authenticate who you are: what you know (password), what you have (secure one time password generator or hardware token), and what you are (biometrics). Password managers and digital one time password generators have kind of blurred the lines between passwords and one time passwords, but you’re raising your risk a bit if you put them in the same place.
⁨Comment⁩ on ⁨Bitwarden has launched a new authenticator app⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Even if I hosted my own BitWarden vault, I wouldn’t put my passwords and 2 factor tokens in the same place because it’s eliminating the benefits that 2 factor provides if someone somehow manages to get into my vault.
⁨Comment⁩ on ⁨Bitwarden has launched a new authenticator app⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
Exactly, from a security perspective, it’s a bad idea to put 2 factor tokens together with your passwords. You effectively eliminate the security benefit that 2 factor provides if you do because if people get into your password manager, they have everything they need to access your accounts. The only people it helps having it all in one app are people who don’t understand the purpose of 2 factor and just see it as an inconvenience when services force it on them. Even though I use BitWarden for passwords, I don’t think that I’ll be changing from Aegis to BitWarden’s stand-alone authenticator because Aegis is doing its job nicely.
⁨Comment⁩ on ⁨Bitwarden has launched a new authenticator app⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
From a security perspective, it’s not a great idea to put 2 factor tokens together with your passwords. You effectively eliminate the security benefit that 2 factor provides if you do because if people get into your password manager, they have everything they need to access your accounts. The only people it helps having it all in one app are people who don’t understand the purpose of 2 factor and just see it as an inconvenience when services force it on them. I’m not sure that I’ll be changing from Aegis to BitWarden’s stand-alone authenticator, though, because Aegis is doing its job nicely.