Bitwarden has launched a new authenticator app ( bitwarden.com )

Bitwarden Authenticator is a standalone app that is available for everyone, even non-Bitwarden customers.

In its current release, Bitwarden Authenticator generates time-based one-time passwords (TOTP) for users who want to add an extra layer of 2FA security to their logins.

There is a comprehensive roadmap planned with additional functionality.

Available for iOS and Android

pineapplelover ,

I personally have no use for this since I use Aegis and sync it with my synology drive

thoralf ,
@thoralf@discuss.tchncs.de avatar

After Authy scrapped its support for the desktop client, I’m looking for an alternative.
Sadly, this does not look like it.

clgoh ,

Sadly, this does not look like it.

Why?

thoralf ,
@thoralf@discuss.tchncs.de avatar

I do not see a desktop client.

clgoh ,

Ah. I only use a phone app, but I see the problem.

cyrus ,
@cyrus@sopuli.xyz avatar

Ente.io is working on a desktop app. Whilst its experimental, you can get it from the releases page on their github

sugar_in_your_tea ,

I use Authenticator on Linux. I'm not sure what OS you use, but perhaps there's another, TOTP is a pretty easy protocol to implement (it's basically just a hash of a key and timestamp).

thoralf ,
@thoralf@discuss.tchncs.de avatar

I would like an app for desktop and phone/tablet that are syncing, just like Authy did, before they abandoned the desktop app.

So, for me that means: iOS/iPadOS and macOS

red ,
@red@sopuli.xyz avatar

I'm in the same boat. I'm a paid Bitwarden user but I'd like to keep 2fa and passwords separated.

If no alternative soon, i'll just bite the bullet and put everything in bitwarden (except itself, ofc)

Spendrill ,

KeePassXC can do this as well. I had no idea until I saw a post on here where someone mentioned it.
Here's the documentation.

n0x0n ,

OK, so one TOTP app more. What’s this one doing better than all the others like 2FAS?

Appoxo ,
@Appoxo@lemmy.dbzer0.com avatar

For now: Nothing. Pretty bare metal atm.

pressanykeynow ,

one TOTP app more

You say this as a bad thing.

n0x0n ,

Not at all, I’m just wondering if this particular one is better than any of the others.

stealth_cookies ,

Yeah, they're are a few open source TOTP apps that seem pretty interchangeable. I use Authenticator Pro because it has a Wear OS integration that is handy if you have a smart watch.

NGC2346 ,

[Thread, post or comment was deleted by the author]

    •
    Agent641 ,

    They're good Bits, Bront

    CalicoJack ,

    It's also free in the Bitwarden app if you self-host with Vaultwarden. It's only a paid feature if you're using their hosting, and seemingly only so they can dangle it as a "premium" benefit.

    KingThrillgore ,
    @KingThrillgore@lemmy.ml avatar

    Of which I pay for, I have no issue paying Bitwarden for good work. And I use Bitwarden on-site myself.

    Appoxo ,
    @Appoxo@lemmy.dbzer0.com avatar

    For 10€ a year I will pay for a feature I don't even use voluntarily.
    Just because the app is great and works really well with multi accounts.

    Adderbox76 ,

    Exactly. I don't pay for Bitwarden because I need all of its features. I pay because I want to support them and the job that they are doing. The extra features are just a side-effect of that.

    Coreidan ,

    Jesus fuck. How many more authentication apps do we need that all do the same thing?

    At work I need at least 4-5 different authentication apps because every customer has something different.

    We don’t need another.

    blazeknave ,

    Random number generator 2fa?

    dave ,
    @dave@feddit.uk avatar

    4-5 TOTP apps? So far, when, e.g. Microsoft or Google have insisted use of their own Authenticator app is required, it’s worked fine for me using Ente Auth or similar just by entering the code / QR.

    sugar_in_your_tea ,

    Yup, most 2FA is just TOTP, which is a pretty simple, open standard and is hardware independent. All you need is a key (the QR code or the numbers) and access to a reliable time source and you can make a TOTP app on anything.

    I use Aegis on my phone and Authenticator on Linux (some GTK app), and they both produce identical codes for the same key.

    million ,
    @million@lemmy.world avatar

    This even works with some apps that hide the standard part - like Symantec VIP - it’s possible to extract what they are doing and use a standard TOTP app instead of VIP.

    vividspecter ,

    You only need one app, as long as the totp is implemented in a standardized way.

    0x0 ,

    Microsoft products would like a chat...

    JustARegularNerd ,

    They did. DUO was born.

    Scrollone ,

    I use my Microsoft account with a standard OTP app, you don't need their own app.

    0x0 ,

    I did too until it kept rejecting my tokens frequently - changing to M$ Authenticator "solved" it.

    sugar_in_your_tea ,

    They must now require HOTP or something now. TOTP doesn't care what machine it's on, whereas HOTP does (well, you could spoof it if you really wanted).

    rolling_resistance ,

    Wait until your workplace requires you to only use MS Authenticator push notifications 😭 and HOTP occasionally…

    sugar_in_your_tea ,

    Is that a thing? Usually those have a fallback to a regular TOTP code.

    I use Okta for work because we integrate SSO with it everywhere, but I could technically enter a code every time and swap out the Okta app for the other TOTP app I use.

    My company is a MS shop, but they use TOTP as the second factor, and even that is optional. My department uses Okta, which is a completely separate system (we're a weird, separate unit entirely from most of the rest of the company).

    sugar_in_your_tea ,

    They're probably using HOTP or something else, not TOTP. TOTP is literally just the key + any clock. Or maybe it's the "click button to authenticate" and not the "enter code to authenticate," which might not be HOTP or TOTP, but something else entirely (e.g. Steam's system is neither AFAIK).

    If it's TOTP, you just need to get the key and can use any authenticator app.

    podperson ,

    Why not just use Strongbox? All of that’s built in and don’t have to store your vault on their cloud.

    cyrus ,
    @cyrus@sopuli.xyz avatar

    This new app is offline.

    podperson ,

    ? Works fine for me and their site seems to be normal as well:

    https://strongboxsafe.com/

    cyrus ,
    @cyrus@sopuli.xyz avatar

    No I mean the new bitwarden app works completely offline lol

    LucidBoi ,

    Why not just use KeePassXC? It's completely free amd works great.

    Rin ,

    Syncing doesn't work well for me. Bw did a much better job.

    LucidBoi ,

    True, it is a hassle sometimes... Especially on new devices.

    sadcoconut ,

    Assuming you're asking about the password manager?

    Most important for me is that with Bitwarden I can share passwords with someone else.

    Appoxo ,
    @Appoxo@lemmy.dbzer0.com avatar

    So is Bitwarden? Even more so if it's selfhosted?

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • kbinchat
  • All magazines
    •