this post was submitted on 16 Jun 2023

6 points (100.0% liked)

Privacy

38825 readers

900 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

What's the Bitwarden of 2 Factor authentication? (lemmy.world)

submitted 2 years ago by Kyoyeou@lemmy.world to c/privacy@lemmy.ml

21 comments fedilink hide all child comments

Hey, I need to move one day of Google Authenticator, and I was wondering if their was a project like Bitwarden for 2 Factor Authentication

Take care!

all 23 comments

sorted by: hot top controversial new old

[–] dethleffs 12 points 2 years ago

Aegis on fdroid

[–] landordragen@lemmy.ml 4 points 2 years ago* (last edited 2 years ago) (2 children)

Aegis Authenticator for Android: https://getaegis.app/

Raivo OTP for iOS: https://raivo-otp.com/

2FAS however is cross-plataform, open source, and what I'm using right now: https://2fas.com/

[–] Br0adbean@lemmy.world 1 points 2 years ago

I've been using Raivo OTP on my iPhone. 2FAS sounds interesting though as it's cross-platform!

[–] radau@iusearchlinux.fyi 1 points 2 years ago

Been using Aegis for a couple years and love it

[–] conscious_coma@lemmy.world 3 points 2 years ago* (last edited 2 years ago) (1 children)

Bitwarden has TOTP included as a feature. Seems like lots of people don't like using it though, and see storing the 2FA keys with the passwords as "putting all your eggs in one basket".

Aegis seems to be the open source 2FA app of choice for privacy-minded people right now.

[–] Kyoyeou@lemmy.world 1 points 2 years ago (1 children)

Wow, the program that keeps on giving, I'm surprised, I just checked, and I think I'm going to move my 2FA to Bitwarden

[–] tkchumly@lemmy.one 1 points 2 years ago

I use bitwarden for the bulk of my 2fas and aegis for the 2fa for bitwarden itself and a couple other sensitive/important sites that I want separated. Be sure to back up your 2fas somehow for bitwarden.

[–] provisional@lemmy.sdf.org 2 points 2 years ago (1 children)

You can use Bitwarden Premium for 2FA keys. It's pretty cheap and well worth it to support development ($10/yr).

If you're on Android and don't want to pay for Bitwarden Premium, I'd use something like Aegis Authenticator.

[–] trex@kbin.social 2 points 2 years ago

Yes, I do this too and really like it.

[–] Schrottkatze@kbin.social 2 points 2 years ago

Yes: Bitwarden.

Idk about the central instance, but I use my bitwarden (specifically vaultwarden) instance for my TOTP keys. I can just autofill and then it copies the current TOTP key and i can paste it in to log into whatever i'm logging into!

[–] novarime@sopuli.xyz 1 points 2 years ago (1 children)

Bitwarden provides a facility for MFA. Though there's an argument to be made against eggs + baskets. It might defeat threw purpose a bit.

I use Aegis which is opensource and easily encrypted and backed up locally. Saved my ass where I accidentally deleted my 2FA for Bitwarden, thus locking me out in circle of shite. Aegis allowed me to roll back and pull in that one missing key without having to redo a load i'd made since the last backup and all was good.

[–] toxic@kbin.social 2 points 2 years ago

Yea, I think everyone that is saying Bitwarden supports 2FA is missing the point of 2FA. You don’t want it to be in the same place where all your passwords are, otherwise if someone gets access to your passwords they essentially can prove they are you.

That being said, I use a mixture of Authy + Bitwarden. Bitwarden for sites that require it but aren’t really a priority for me to keep separated, and Authy for 2FA codes that I prefer being separate from my passwords.

[–] Tau@sopuli.xyz 1 points 2 years ago

FreeOTP+

[–] Gleddified@lemmy.ca 1 points 2 years ago

I personally use yubioath for anything that doesn't support yubikey. Sounds like that isn't a solution for you (maybe a totally different, open source hardware key?).

I'd recommend against putting your 2FA inside bitwarden. It's not a very good second factor if both factors can be exposed by getting into your bitwarden.

[–] TwilightKiddy@programming.dev 0 points 2 years ago* (last edited 2 years ago) (1 children)

KeePass. You need TOTP plugin for Windows and there is a nice Android app that implements it out of the box. They also support Steam OTP, though it's a bit hard to set up.

There is also KeePassXC if you want a cross-platform client, but I have no idea how good it is as I never used it.

[–] tkchumly@lemmy.one 1 points 2 years ago

KeepassXC is a really good option. I was using it for a while and it was great but bitwarden syncing is just so convenient.

[–] arkcom@kbin.social 0 points 2 years ago (2 children)

Yubikey is a good option. It supports totp for sites that don't support physical keys.

[–] Kyoyeou@lemmy.world 1 points 2 years ago

I don't think I'd go with Yubikey, but just because that's what I'm using at work, that's the only reason

[–] trex@kbin.social 0 points 2 years ago (1 children)

I have been tempted to get yubikeys but it seems like a hassle to have two and keep them in "sync".